...
Copyright 2013 by Citrix Systems, Inc. This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.
Introduction
...
```
# nothing can be done by default
deny all

# allow stubdoms to talk to surfman,xenmgr,dbus
allow stubdom true destination com.citrix.xenclient.surfman
allow stubdom true destination com.citrix.xenclient.xenmgr
allow stubdom true destination org.freedesktop.DBus interface org.freedesktop.DBus

# allow guests to call 'gather' on diagnostics interface (required by xc-diag)
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.diag member gather

# allow anybody to do some vm queries required for switcher bar
allow destination com.citrix.xenclient.xenmgr interface org.freedesktop.DBus.Properties member Get
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr member list_vms
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.vm member get_db_key
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.vm member read_icon
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.vm member switch
allow destination com.citrix.xenclient.input interface com.citrix.xenclient.input member get_focus_domid
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr member find_vm_by_domid

# allow guest to do some requests
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.guestreq member request_attention

# allow conditional domstore (private db space) access
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member read if-boolean domstore-read-access true
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member read_binary if-boolean domstore-read-access true
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member list if-boolean domstore-read-access true
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member exists if-boolean domstore-read-access true

allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member write if-boolean domstore-write-access true
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member rm if-boolean domstore-write-access true
```
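The following is an added example, not part of the original page or the project's own code: a small evaluator for the rule syntax in the listing above, useful for checking which calls a guest or stubdom would be permitted under a given rule set. It assumes that a request is denied unless at least one `allow` rule matches every condition it lists, and that `if-boolean` names a per-VM flag supplied here through the hypothetical `vm_booleans` mapping.

```python
# Added example: minimal evaluator for the rule syntax shown in the listing.
# Assumed semantics (not stated on the page): a request is denied unless at
# least one "allow" rule matches every condition that rule lists.
RULES = """\
deny all
allow stubdom true destination com.citrix.xenclient.surfman
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr member list_vms
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member read if-boolean domstore-read-access true
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member write if-boolean domstore-write-access true
"""  # subset of the rules from the listing

def parse_rules(text):
    """Return a list of condition dicts, one per 'allow' rule."""
    rules = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "allow":
            continue  # comments, blanks and 'deny all' grant nothing
        cond, i = {"booleans": {}}, 1
        while i < len(tok):
            if tok[i] == "if-boolean":
                cond["booleans"][tok[i + 1]] = tok[i + 2] == "true"
                i += 3
            elif tok[i] == "stubdom":
                cond["stubdom"] = tok[i + 1] == "true"
                i += 2
            elif tok[i] in ("destination", "interface", "member"):
                cond[tok[i]] = tok[i + 1]
                i += 2
            else:
                raise ValueError(f"unknown keyword {tok[i]!r} in: {line}")
        rules.append(cond)
    return rules

def is_allowed(rules, request, vm_booleans):
    """request: dict with destination/interface/member/stubdom keys."""
    for cond in rules:
        fields_ok = all(request.get(k) == v for k, v in cond.items() if k != "booleans")
        bools_ok = all(vm_booleans.get(k, False) == v for k, v in cond["booleans"].items())
        if fields_ok and bools_ok:
            return True
    return False  # default deny
```

A rule that omits `interface` or `member` matches any value for that field, which is why the stubdom rule for surfman covers every method on that destination.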
...
key name | type | description
---|---|---
hvm | s | command line given to the kernel
startup | s | specify what to do with the domain at startup. possible values: started, paused, shutdown or restore
debug | b | logs all operations to /tmp/xenvm-debug-%uuid
uuid | s | specify the domain uuid (defaults to autogeneration)
on_crash, on_halt, on_reboot | s | specify the action to be taken after notifying a crash/halt/reboot. possible values: preserve, reboot, destroy
kernel | s | specify where to find the kernel to boot (can be empty for hvm; defaults to hvmloader)
memory | i | specify the memory given to the guest in megabytes
vcpus | i | number of vcpus available to the guest
disk | s | add a virtual disk. format: physpath:phystype:virtpath:mode:devty[:k=v...]; physpath: path to the disk image, raw device, ..; phystype: phy; virtpath: hd(a-d); mode: r; devtype = cdrom; extra k=v arguments (cipher, key-size, key-file)
nic | s | add a virtual nic. format: key=value,key=value,... (can be empty); supported keys: bridge, mac, id; examples: "nic = bridge=xen-br0,mac=ab:ef:fe:dc:ba:ab", "nic = mac=ab:ef:fe:dc:ba:ab", "nic = "
pci | s | add a pci device. format: devid,bind,domain:bus device.function
serial | s | redirect serial to device or network tcp:ip:port. ex: "pty" or "tcp:1.2.3.4:1234"
display | s | details the type of display available for the guest. format: :key[=value],key[=value],...; possible values: none; vnc (keys allowed: use-port-unused, keymap, port); sdl; intel
(the following are just useful for pv)
...
key name | type | description
---|---|---
pae | b | specify that the guest is using PAE
acpi | b | specify that the guest is using ACPI
apic | b | specify that the guest is using APIC
nx | b | specify that the guest is using NX
smbios-pt | b | specify that the guest is using smbios pass-through
smbios-oem-type-pt | i | tables number to passthrough
acpi-pt | b | specify that the guest is using ACPI pass-through
diskinfo-pt | b | specify the guest is using SCSI diskinfo pass-through
boot | s | specify the qemu boot string
extra-hvm | k=v | specify extra arguments passthrough to qemu as -k v
power-management | i | specify the power management passthrough mode. 1 : pass-through mode (limited scope); 2 : non pass-through mode (in doubt use this)
oem-features | i | specify whether or not to pass through oem features. Note: At the moment any integer value can be passed but this is likely to change in future especially if we decide to pass through a subset of oem features and let user configure that subset.
timer-mode | i | specify the timer mode used.
timeoffset | s | specify the time offset (i.e. timezone) used.
pci-msitranslate | i | specify whether to use MSI-INTx translation for guest.
pci-power-management | i | specify whether or not to enable Dx power management for passthrough devices.
inject-sci | i | specify whether or not to inject SCIs like lid close, power button press to guest. (Default: no injection)
...