This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] bug in dom create script regarding xenstore permission?

To: Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] bug in dom create script regarding xenstore permission?
From: weiming <zephyr.zhao@xxxxxxxxx>
Date: Wed, 15 Jul 2009 08:52:57 -0400
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 15 Jul 2009 05:53:55 -0700
But as I said in the first post, /local/domain/<domid>/* is read-only to that domain of <domid>.
That makes me feel weird. (And you told me it's for security purposes. :D)


On Wed, Jul 15, 2009 at 6:30 AM, Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx> wrote:
> weiming wrote:
> > Hi Vincent,
> >
> > Thanks for letting me know.
> >
> > Is there any way to override this default behavior?
> > I have a script in domU, which is supposed to post some info to xenstore after it boots up.
> > Yes, I can manually grant permission after I create a guest domain, but I wish I could automate it.
>
> I don't really know how to do that exactly; you have to look at where the /local/domain/<domid>/ entry gets created, and put an explicit setperm there.
>
> However I think changing your script in a domU is the way forward. There are other places in xenstore (have a look at maybe /vm/<uuid>/ and /local/domain/<domid>/*/ ) that are still writable.


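The manual grant discussed in this thread can be scripted from dom0. The helper below is an added example, not code from the thread or from the Xen tree: it creates one dedicated key under /local/domain/<domid>/ and gives only that guest read/write access to it, leaving the rest of the subtree read-only. It assumes the xenstore-write and xenstore-chmod tools are available in dom0; the key name data/guest-report and the DRY_RUN switch are hypothetical.

```shell
#!/bin/sh
# Added example (assumptions: runs in dom0 with xenstore-write and
# xenstore-chmod on PATH; DRY_RUN and the key names are hypothetical).

# Print the xenstore path of a per-guest key, or fail on unsafe input.
guest_key_path() {
    domid=$1
    key=$2
    # domid must be a plain decimal number and must not be dom0.
    case $domid in ''|*[!0-9]*) echo "bad domid: $domid" >&2; return 1 ;; esac
    [ "$domid" -ne 0 ] || { echo "refusing dom0" >&2; return 1; }
    # key must be relative, with no "..", empty components or odd characters,
    # so it cannot resolve outside /local/domain/<domid>/.
    case $key in
        ''|/*|*/|*//*|*..*|*[!A-Za-z0-9_/-]*)
            echo "bad key: $key" >&2; return 1 ;;
    esac
    printf '/local/domain/%s/%s\n' "$domid" "$key"
}

# ACL for the key. The first entry names the owner (dom0) and the access for
# domains not listed (n = none); the second gives the guest read+write (b).
guest_key_acl() {
    printf 'n0 b%s\n' "$1"
}

# Create the key and restrict it to dom0 plus the one guest.
grant_guest_key() {
    path=$(guest_key_path "$1" "$2") || return 1
    acl=$(guest_key_acl "$1")
    if [ -n "$DRY_RUN" ]; then
        echo "xenstore-write $path ''"
        echo "xenstore-chmod $path $acl"
        return 0
    fi
    # $acl is left unquoted on purpose: each entry is a separate argument.
    xenstore-write "$path" "" && xenstore-chmod "$path" $acl
}

# Stand-alone use: ./grant-key.sh <domid> <key>
if [ $# -eq 2 ]; then
    grant_guest_key "$1" "$2"
fi
```

Running it with DRY_RUN=1 prints the two commands without touching xenstore, which is useful for checking the path and ACL before hooking it into domain creation.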