|
|
|
|
|
|
|
|
|
|
xen-api
RE: [Xen-devel] Generic PV Guests on XCP?
On Mon, 2010-03-29 at 19:21 +0100, Phil Winterfield (winterfi) wrote:
> Ian-
>
> I have taken your advice and created a generic template using
> vm-create, but for some reason it doesn’t like the kernel path, even
> though it is clearly accessible - see below. Any ideas?
Some security stuff got added to xapi recently which requires that the
guest kernel and ramdisk be under "/boot/guest/". I'm not really sure
why -- I think it's because with RBAC non root users with the VM admin
role can set PV-kernel/PV-initrd/etc (imagine setting PV-initrd
to /etc/shadow) but I'm not sure why restricting to just /boot wasn't
sufficiently secure.
If you move (or symlink) your stuff to /boot/guest and
use /boot/guest/ios/i86bi_etcetc I think things should work.
Ian.
>
> Phil
>
>
> [root@xenserver-wvgdltag ~]# xe vm-create name-label=IOSonXen
> name-description="Paravirtualized IOS on Xen"
> 5c56afe3-a729-bcaa-a543-d87987167a3d
> [root@xenserver-wvgdltag ~]# xe vm-param-set
> uuid=5c56afe3-a729-bcaa-a543-d87987167a3d \
> > PV-kernel='/boot/ios/i86bi_xen-ipbase-ms' \
> > PV-args= \
> > PV-bootloader= \
> > PV-bootloader-args= \
> > memory-static-min=2048 \
> > VCPUs-at-startup=1 \
> > other-config:pause=1 \
> > other-config:disable_pv_vnc=1
> [root@xenserver-wvgdltag ~]# xe vm-start
> uuid=5c56afe3-a729-bcaa-a543-d87987167a3d
> Caller not allowed to perform this operation.
> message: illegal kernel path /boot/ios/i86bi_xen-ipbase-ms
> [root@xenserver-wvgdltag ~]# ls -l /boot/ios/i86bi_xen-ipbase-ms
> -rwxr-xr-x 1 root root 61649099 Mar 23 13:37 /boot/ios/i86bi_xen-ipbase-ms
> [root@xenserver-wvgdltag ~]#
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|