[r4.2] qubes-db-vm: add xen_privcmd modprobe config #388

Merged

forge merged 1 commit from qubes-db-vm/fix-xen-privcmd-42 into r4.2

2026-05-12 01:15:26 +00:00

forge commented

2026-05-12 01:09:27 +00:00

Owner

Unfortunately, the usual cmdline 'xen_privcmd.unrestrictedused in other OSs does not work on Alpine Linux. We need to setxen_privcmd.unrestricted=1`. Thus, set via modprobe conf

XSA-482 patch modified behavior of /dev/xen/privcmd, to disallow most operations. This breaks vchan which uses xc_evtchn_status() (not available via /dev/xen/evtchn yet). Until proper abstraction via /dev/xen/evtchn is available, lift the limitation via kernel parameter. Unfortunately, the usual cmdline 'xen_privcmd.unrestricted` used in other OSs does not work on Alpine Linux. We need to set `xen_privcmd.unrestricted=1`. Thus, set via modprobe conf

forge added 1 commit

2026-05-12 01:09:27 +00:00

qubes-db-vm: add xen_privcmd modprobe config

/ build-edge (pull_request) Successful in 1m32s

Details

/ build-v3.23 (pull_request) Successful in 1m31s

Details

/ build-v3.22 (pull_request) Successful in 1m50s

Details

/ lint (pull_request) Successful in 28s

Details

/ deploy-edge (pull_request) Successful in 31s

Details

/ deploy-v3.23 (pull_request) Successful in 31s

Details

/ deploy-v3.22 (pull_request) Successful in 32s

Details

e918e22393

XSA-482 patch modified behavior of /dev/xen/privcmd, to disallow most
operations. This breaks vchan which uses xc_evtchn_status() (not
available via /dev/xen/evtchn yet).
Until proper abstraction via /dev/xen/evtchn is available, lift the
limitation via kernel parameter.

Unfortunately, the usual cmdline 'xen_privcmd.unrestricted` used in
other OSs does not work on Alpine Linux. We need to set
`xen_privcmd.unrestricted=1`. Thus, set via modprobe conf

forge merged commit e918e22393 into r4.2

2026-05-12 01:15:26 +00:00

forge deleted branch qubes-db-vm/fix-xen-privcmd-42

2026-05-12 01:15:27 +00:00