forge/qports
1
0
Fork 0
Code Issues 10 Pull requests Projects Releases Packages 35 Wiki Activity Actions

qubes-db-vm: add xen_privcmd modprobe config #385

Merged
forge merged 1 commit from qubes-db-vm/fix-xen-privcmd into main 2026-05-12 00:31:02 +00:00
Conversation 0 Commits 1 Files changed 2 +11 -1
forge commented 2026-05-12 00:13:17 +00:00
Owner
Copy link

XSA-482 patch modified behavior of /dev/xen/privcmd, to disallow most
operations. This breaks vchan which uses xc_evtchn_status() (not
available via /dev/xen/evtchn yet).
Until proper abstraction via /dev/xen/evtchn is available, lift the
limitation via kernel parameter.

Unfortunately, the usual cmdline 'xen_privcmd.unrestrictedused in other OSs does not work on Alpine Linux. We need to setxen_privcmd.unrestricted=1`. Thus, set via modprobe conf

XSA-482 patch modified behavior of /dev/xen/privcmd, to disallow most operations. This breaks vchan which uses xc_evtchn_status() (not available via /dev/xen/evtchn yet). Until proper abstraction via /dev/xen/evtchn is available, lift the limitation via kernel parameter. Unfortunately, the usual cmdline 'xen_privcmd.unrestricted` used in other OSs does not work on Alpine Linux. We need to set `xen_privcmd.unrestricted=1`. Thus, set via modprobe conf
qubes-db-vm: add xen_privcmd modprobe config
Some checks failed
/ deploy-v3.23 (pull_request) Blocked by required conditions
Details
/ build-edge (pull_request) Successful in 1m22s
Details
/ deploy-edge (pull_request) Waiting to run
Details
/ build-v3.22 (pull_request) Successful in 1m36s
Details
/ deploy-v3.22 (pull_request) Waiting to run
Details
/ lint (pull_request) Has been cancelled
Details
/ build-v3.23 (pull_request) Has been cancelled
Details
5fd5e0b047
 
XSA-482 patch modified behavior of /dev/xen/privcmd, to disallow most
operations. This breaks vchan which uses xc_evtchn_status() (not
available via /dev/xen/evtchn yet).
Until proper abstraction via /dev/xen/evtchn is available, lift the
limitation via kernel parameter.

Unfortunately, the usual cmdline 'xen_privcmd.unrestricted` used in
other OSs does not work on Alpine Linux. We need to set
`xen_privcmd.unrestricted=1`. Thus, set via modprobe conf
forge force-pushed qubes-db-vm/fix-xen-privcmd from 5fd5e0b047
Some checks failed
/ deploy-v3.23 (pull_request) Blocked by required conditions
Details
/ build-edge (pull_request) Successful in 1m22s
Details
/ deploy-edge (pull_request) Waiting to run
Details
/ build-v3.22 (pull_request) Successful in 1m36s
Details
/ deploy-v3.22 (pull_request) Waiting to run
Details
/ lint (pull_request) Has been cancelled
Details
/ build-v3.23 (pull_request) Has been cancelled
Details
to 6d9d0e38fe
All checks were successful
/ build-edge (pull_request) Successful in 1m29s
Details
/ build-v3.22 (pull_request) Successful in 1m36s
Details
/ lint (pull_request) Successful in 26s
Details
/ build-v3.23 (pull_request) Successful in 1m54s
Details
/ deploy-v3.22 (pull_request) Successful in 27s
Details
/ deploy-v3.23 (pull_request) Successful in 29s
Details
/ deploy-edge (pull_request) Successful in 29s
Details
2026-05-12 00:15:07 +00:00 Compare
forge merged commit 6d9d0e38fe into main 2026-05-12 00:31:02 +00:00
forge deleted branch qubes-db-vm/fix-xen-privcmd 2026-05-12 00:31:02 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
r4.2

   
r4.3

   
r4.4
No labels
r4.2
r4.3
r4.4
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forge/qports!385
No description provided.