From: George Dunlap Date: Thu, 7 Feb 2019 12:41:17 +0000 (+0000) Subject: docs: features/qemu-depriv formatting fixes X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=aca21442499c04b70d84164b46744b35ee7b8bf4;p=people%2Fpauldu%2Fxen.git docs: features/qemu-depriv formatting fixes Need a space between the paragraph and the list so pandoc knows it's a list. Signed-off-by: George Dunlap Acked-by: Andrew Cooper Release-acked-by: Juergen Gross --- diff --git a/docs/features/qemu-deprivilege.pandoc b/docs/features/qemu-deprivilege.pandoc index cfe528b1d3..4ef119c821 100644 --- a/docs/features/qemu-deprivilege.pandoc +++ b/docs/features/qemu-deprivilege.pandoc @@ -109,15 +109,17 @@ See docs/design/qemu-deprivilege.md for technical details. # Limitations The following features still need to be implemented: - * Inserting a new cdrom while the guest is running (xl cdrom-insert) - * Support for qdisk backends + +* Inserting a new cdrom while the guest is running (xl cdrom-insert) +* Support for qdisk backends A number of restrictions still need to be implemented. A compromised device model may be able to do the following: - * Delay or exploit weaknesses in the toolstack - * Launch "fork bombs" or other resource exhaustion attacks - * Make network connections on the management network - * Break out of the restrictions after migration + +* Delay or exploit weaknesses in the toolstack +* Launch "fork bombs" or other resource exhaustion attacks +* Make network connections on the management network +* Break out of the restrictions after migration Additionally, getting PCI passthrough to work securely would require a significant rework of how passthrough works at the moment. It may be