Add "vmm" pledge to allow restricted ioctl access to /dev/vmm. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	reyk <reyk@openbsd.org>	2016-01-08 11:20:58 +0000
committer	reyk <reyk@openbsd.org>	2016-01-08 11:20:58 +0000
commit	8bc79b23701472461a1aa16b049b5b8be3113902 (patch)
tree	bc8691d2a3c191a02162a3e74888ef18979898ef /sys/dev/pci
parent	Use unorderd list to store sub-device configuration (we don't use (diff)
download	wireguard-openbsd-8bc79b23701472461a1aa16b049b5b8be3113902.tar.xz wireguard-openbsd-8bc79b23701472461a1aa16b049b5b8be3113902.zip

Add "vmm" pledge to allow restricted ioctl access to /dev/vmm.

This will allow to pledge vmd(8)'s vmm and vm processes, so that VMs themselves run "sandboxed", including their host-side virtio layer. It will remain disabled for now (in userland) to not get into the way of ongoing development and upcoming changes in vmd and the ioctl interface. OK mlarkin@ deraadt@ "kernel side in, but not the callers in userland"

Diffstat (limited to 'sys/dev/pci')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: