xen-devel
Re: [Xen-devel] xm create as root vs xm destroy as normal user
On Mon, 2005-06-27 at 12:42 -0500, Bob Tanner wrote:
> On Saturday 25 June 2005 06:52 pm, Kip Macy wrote:
> > There is currently no notion of capabilities. In 3.0 the default
> > communication path between xm and xend is now a unix domain socket so
> > by default only root can execute xm commands.
>
> I'm sorry, I do not understand the answer. The "no notion of capabilities",
> does that mean "yes, non-root users can stop Xen sessions in 2.x"?
It means that there was no security whatsoever on the communication
channel to xend. AFAIK, anyone who could connect to a local port was
permitted to issue any commands to xend, including stopping a Xen
session. That is fixed in Xen 3.0 by using a unix domain socket by
default, which can have filesystem permissions set on it. If you need
some protection in Xen 2.0, you should set up firewall rules to restrict
access to the xend port (and the various domain console ports as well);
iptables can filter on local user/group information, which might be
useful for that purpose.
- Josh Triplett
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
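
The Xen 2.0 mitigation described in the message above (filtering the xend port and the console ports by local user with iptables), as an added example that is not part of the original message or of Xen. The port numbers, the allowed account and the function names are assumptions; check the ports against your own xend configuration.

```shell
#!/bin/sh
# Added example: limit local TCP access to xend (Xen 2.0) by connecting user.
# ASSUMED values, not from the message; confirm them in your xend config.
XEND_PORT=8000           # assumed xend control port
CONSOLE_PORTS=9600:9699  # assumed domain console port range
ALLOWED_USER=root        # the only local account allowed to connect

# Print the iptables commands for one port or range (hypothetical helper).
# The owner match only sees locally generated packets, so it belongs in
# OUTPUT; traffic to any local address leaves via lo. ACCEPT precedes REJECT.
xend_rules() {
    ports=$1
    user=$2
    # Refuse anything that is not "N" or "N:M"; the output is fed to a shell.
    case $ports in
        ''|*[!0-9:]*|*:*:*|:*|*:) echo "bad port spec: $ports" >&2; return 1 ;;
    esac
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    m="-p tcp --dport $ports"
    echo "iptables -A OUTPUT -o lo $m -m owner --uid-owner $user -j ACCEPT"
    echo "iptables -A OUTPUT -o lo $m -j REJECT --reject-with tcp-reset"
    # Connections arriving from other hosts carry no owner; reject them.
    echo "iptables -A INPUT ! -i lo $m -j REJECT --reject-with tcp-reset"
}

# Rules for the control port and the console ports together.
xend_ruleset() {
    xend_rules "$XEND_PORT" "$ALLOWED_USER" &&
    xend_rules "$CONSOLE_PORTS" "$ALLOWED_USER"
}

# Default: print the rules for review. "apply" runs them (needs root).
case ${1:-} in
    apply) xend_ruleset | sh -e ;;
    *)     xend_ruleset ;;
esac
```

Run it once without arguments and read the output before using `apply`; the rules are appended, so any earlier ACCEPT rule in the same chains still wins.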