Enable MAC isolation of dom0 from network traffic

Description

Define run-time and/or build-time procedure for configurable Xen-based isolation of dom0 from NDVM network traffic, e.g. XSM policy to ensure there is no VIF attached to dom0, optional instructions to connect dom0 to a specific NDVM for debug/test.

In some configurations, dom0 may have a connected VIF even if there's no visible IP address. The following toolstack command does not directly control VIF presence for dom0, e.g. setting the value to 'false' does not terminate an active dom0 network connection and VIF/IP remain assigned and functional.

xec-vm -n vmname get enable-dom0-networking
xec-vm -n vmname set enable-dom0-networking true/false

Validation Steps

None

Assignee

Unassigned

Reporter

Rich Persaud

Labels

None

QA Assignee

None

QA Image URL

None

Components

Fix versions

Priority

Major
Configure