-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, Oct 31, 2015 at 02:34:30PM +0100, Marek Marczykowski wrote:
> On Sun, Oct 25, 2015 at 02:18:17AM -0700,
niepo...@gmail.com wrote:
> > Hello,
> >
> > I have pcmcia wifi card and I want start its with sys-net (device is assigned to sys-net)
> > When I put card into pcmcia slot cart its firstly assigned to dom0 and next I can start sys-net. Without assignig this card firstly to dom0 I can't start sys-net as there is message showed info "there is no device" or something simillar.
> > How prevent assignig this card to dom0 and start this device only in sys-net?
>
> If you plug the card before starting the system, it will be assigned to
> xen-pciback driver (which among other things, prevents dom0 driver
> touching the device). But this is done automatically only at system
> startup. If you plug the device later, there is no such mechanism
> currently.
>
> Anyway there is nothing in dom0 which would configure the device, so if
> the device itself isn't malicious, dom0 would not be exposed for network
> access.
>
> @Joanna: should we add some udev rule to automatically attach such
> devices to xen-pciback driver? Allowing hotplug of DMA capable devices
> to dom0 isn't a good idea, but but at least we could have some
> mitigation factor.
>
How would you like to define "such devices"?
joanna.
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJWNdnxAAoJEDOT2L8N3GcYqucP/2kv8whDx3Xwi9NvfrRzgm4J
ptstOYN5AQMjOv1TB3Xl/biaU0UDru+FuNiDIsW333xZQ08M0cn5L8KOYDNp7pR/
tAkeuSf2VaJ2PqqQ4jevtXllT62IiKaQex4pmAu4Ao1w2TpU9cfPyik0yd/XFXkD
1ynWMSCgCz7EvrtTaaTZee1aHGZ/FGRQk+WdbQO2q0ylovIVLcdmrBazfNf7YEpu
vKNYqGkD6GgFEb6e7HP/q2HnB9FeT+2F7gGu3s5Awe9tNrA7iCvKxccC8ot811M1
V3tzR8s9HhNbQWAl5gNqey9/hPZi4HMxTTzr84tGXPAIwcKVvdcdR45xVo47BYY7
1JNvqb3TRDDpkAoKHUKOMBo3Iz9axtVaKT4nVOeZCpGJdfhtJNtPqZcfAiJJYNKg
1UELfavtLoBGweK2zjHeFTDxw7prJZZVd9jqQlOnDk4xHgY7DNSXpNI/33+CckMk
x8c+rUx4wNdyg9OML/LfBeVJzlMZZobsID8gQmCvkaezoO8do9qryvjWGJQpwx5I
M5OEnh+JbJ4lHUORevNU9NyRa0ZfG0wUjnuF1p4TgSuErawOi3C66bt20xIok4SP
15EK1pAknW6LjFHfPKjr2db7cRzUuNZrAGSpYahn8zxAKc1G4gKkD81bRTPz77xP
9uvOjYo5DJXKrBc23UeG
=O+uN
-----END PGP SIGNATURE-----