From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Mon, 14 Jan 2019 14:59:35 +0000 (+0000)
Subject: docs/features/qemu-deprivilege.pandoc: No support with Linux <2.6.18
X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~2637
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=617da6a3796eda79cc5f13e4a128e4d80d720925;p=xen.git

docs/features/qemu-deprivilege.pandoc: No support with Linux <2.6.18

Some early kernels are known not to reject unknown flags to
unshare().  There may be other problems.

CC: Jan Beulich <JBeulich@suse.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
---

diff --git a/docs/features/qemu-deprivilege.pandoc b/docs/features/qemu-deprivilege.pandoc
index eb05981a83..20d6ac2189 100644
--- a/docs/features/qemu-deprivilege.pandoc
+++ b/docs/features/qemu-deprivilege.pandoc
@@ -112,6 +112,9 @@ The following features still need to be implemented:
  * Inserting a new cdrom while the guest is running (xl cdrom-insert)
  * Migration / save / restore
 
+dm_restrict is totally unsupported and may have unexpected security
+problems if used with a dom0 Linux kernel earlier than 2.6.18.
+
 Additionally, getting PCI passthrough to work securely would require a
 significant rework of how passthrough works at the moment.  It may be
 implemented at some point but is not a near-term priority.