This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Re: [Xen-devel] xm create as root vs xm destroy as normal user

On Mon, 2005-06-27 at 12:42 -0500, Bob Tanner wrote:
> On Saturday 25 June 2005 06:52 pm, Kip Macy wrote:
> > There is currently no notion of capabilities. In 3.0 the default
> > communication path between xm and xend is now a unix domain socket so
> > by default only root can execute xm commands.
> I'm sorry, I do not understand the answer. The "no notion of capabilities", 
> does that mean "yes, non-root users can stop Xen sessions in 2.x"?

It means that there was no security whatsoever on the communication
channel to xend.  AFAIK, anyone who could connect to a local port was
permitted to issue any commands to xend, including stopping a Xen
session.  That is fixed in Xen 3.0 by using a unix domain socket by
default, which can have filesystem permissions set on it.  If you need
some protection in Xen 2.0, you should set up firewall rules to restrict
access to the xend port (and the various domain console ports as well);
iptables can filter on local user/group information, which might be
useful for that purpose.

- Josh Triplett
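
The firewall approach suggested in the message above, as an added example (not part of the original mail and not Xen project code): a shell function that prints, rather than applies, iptables rules built on the owner match. The port numbers and the group name xenadmin are placeholder assumptions; take the real values from your own xend configuration.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that limit which local
# users may reach a TCP control port, using the owner match.
# ASSUMPTIONS, not from the original mail: the ports and the group below are
# placeholders; substitute the values your xend installation actually uses.
XEND_PORTS="${XEND_PORTS:-8000}"              # placeholder: xend control port(s)
CONSOLE_PORTS="${CONSOLE_PORTS:-9600:9699}"   # placeholder: domain console range
ALLOW_GROUP="${ALLOW_GROUP:-xenadmin}"        # hypothetical admin group

xend_owner_rules() {
    ports="$1"; group="$2"; chain=XEND_GUARD
    # Refuse anything that is not a plain port list or group name, so the
    # generated commands can never carry shell metacharacters.
    case "$ports" in
        ''|*[!0-9,:]*) echo "bad port list: $ports" >&2; return 1 ;;
    esac
    case "$group" in
        ''|*[!A-Za-z0-9_-]*) echo "bad group: $group" >&2; return 1 ;;
    esac
    echo "iptables -N $chain"
    # Remote hosts: drop traffic for these ports unless it arrived on loopback.
    echo "iptables -A INPUT ! -i lo -p tcp -m multiport --dports $ports -j DROP"
    # Local users: the owner match is only valid in OUTPUT/POSTROUTING, where
    # the kernel still knows which socket (and so which user) sent the packet.
    echo "iptables -A OUTPUT -o lo -p tcp -m multiport --dports $ports -j $chain"
    echo "iptables -A $chain -m owner --uid-owner 0 -j ACCEPT"
    # --gid-owner compares the sending process's primary group.
    echo "iptables -A $chain -m owner --gid-owner $group -j ACCEPT"
    # Everyone else gets an immediate reset instead of a hanging connect().
    echo "iptables -A $chain -j REJECT --reject-with tcp-reset"
}

# Dry run: show the rules for the placeholder values above.
xend_owner_rules "$XEND_PORTS,$CONSOLE_PORTS" "$ALLOW_GROUP"
```

Review the printed rules, then pipe the output to sh as root to apply them.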
