This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to th

To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest
From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Date: Thu, 18 Dec 2008 17:49:51 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 18 Dec 2008 09:50:20 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C5703706.10B0%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20081218155306.GV23277@xxxxxxxxxx> <C5703706.10B0%keir.fraser@xxxxxxxxxxxxx>
Reply-to: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.1i
On Thu, Dec 18, 2008 at 05:21:10PM +0000, Keir Fraser wrote:
> On 18/12/2008 15:53, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:
> > Explicitly give Dom0 permissions on the /local/domain/$DOMID so it
> > becomes the owner of the path. The guest is then granted read perm
> > on the path.
> Thanks Daniel, that's a nasty one!
> However there are other places in xend that commit the same error, and this
> interface weakness would doubtless bite us again in future. Hence the patch
> I actually committed (c/s 18933) actually takes a different strategy: in the
> bowels of the xend xenstore C package I check to see if the caller is try to
> change permissions of the node owner, and if so I fudge in dom0 as the owner
> instead. A bit grim, but I think probably a safer bet in this instance.

I think that looks correct to me. The easy way to test is to try and
write to '/local/domain/$DOMID/console/tty' from within the guest and
see if it succeeds or not 

|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

Xen-devel mailing list