On 01/04/2021 14:38, George Dunlap wrote: > ...grouped by submitters / maintainers > > Signed-off-by: George Dunlap <george.dun...@citrix.com> > --- > CC: Juergen Gross <jgr...@suse.com> > CC: Jan Beulich <jbeul...@suse.com> > CC: Ian Jackson <ian.jack...@citrix.com> > --- > CHANGELOG.md | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/CHANGELOG.md b/CHANGELOG.md > index 2f26cd5c87..9c272a0113 100644 > --- a/CHANGELOG.md > +++ b/CHANGELOG.md > @@ -28,8 +28,11 @@ The format is based on [Keep a > Changelog](https://keepachangelog.com/en/1.0.0/) > - Factored out HVM-specific shadow code, improving code clarity and > reducing the size of PV-only hypervisor builds > - Added XEN_SCRIPT_DIR configuration option to specify location for Xen > scripts, rather than hard-coding /etc/xen/scripts > - xennet: Documented a way for the backend (or toolstack) to specify MTU to > the frontend > + - Fix permissions for watches on @introduceDomain and @releaseDomain: By > default, only privileged domains can set watches; but specific domains can be > given permission in order to allow disaggregation.
This is XSA-115, and isn't something new in 4.15 vs 4.14. (I think?) > + - xenstore can now be live-updated on a running system. This needs to be very clear that it is tech preview. It does not currently work cleanly if a malicious VM deliberately holds a transaction open. ~Andrew
