Some early kernels are known not to reject unknown flags to
unshare(). There may be other problems.
CC: Jan Beulich <JBeulich@suse.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
* Inserting a new cdrom while the guest is running (xl cdrom-insert)
* Migration / save / restore
+dm_restrict is totally unsupported and may have unexpected security
+problems if used with a dom0 Linux kernel earlier than 2.6.18.
+
Additionally, getting PCI passthrough to work securely would require a
significant rework of how passthrough works at the moment. It may be
implemented at some point but is not a near-term priority.
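Review bot: The added dm_restrict paragraph sits between the bulleted list of unsupported operations and the "Additionally, getting PCI passthrough to work securely..." paragraph, so "Additionally" now reads as continuing the kernel-version caveat instead of the list. Consider placing the kernel note after the PCI passthrough paragraph or under its own heading. The added text also says only "unexpected security problems", while the commit message names a concrete cause (some early kernels do not reject unknown flags to unshare()). Mentioning that in the document would tell an administrator what kind of failure to expect on a dom0 kernel earlier than 2.6.18.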