| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
[Xen-API] RE: [Xen-devel] [PATCH] xapi toolstack (xen-api-libs): fix com
Hi Andreas,
XS_RESTRICT is defined in this Xen patch-queue:
http://xenbits.xen.org/xapi/xen-3.4.pq.hg?file/c01d38e7092a/restrict_xenstored
Basically, it is used by xapi/oxenstored to drop the xenstore permissions of
qemu inside dom0. This gives to qemu processes the same permissions than their
associated domU concerning read/write of xenstore nodes. It is quite useful to
avoid any security issue with qemu backends.
Because of that, your patch will broke the starting of HVM domains for XCP. I
believe the best fix for this is to upstream our Xen patch-queue :-) and in a
more practical way, I believe we should do something like:
1. Add a #define XS_RESTRICT in
http://xenbits.xen.org/xapi/xen-3.4.pq.hg?file/c01d38e7092a/restrict_xenstored
2. In xen-api-libs.hg/xb/xb_stubs.c, test if XS_RESTRICT is defined. If yes,
use the value if XS_RESTRICT, else use a default value (128, as defined in the
patch queue, for example).
About xb.mli file: it is supposed to be the exposed interface, which contains
some bits of documentation, so it cannot be auto-generated. Thus, it would be
better to not remove it.
Cheers,
Thomas
> -----Original Message-----
> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-devel-
> bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Andreas Florath
> Sent: Friday, November 06, 2009 12:51 PM
> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-devel] [PATCH] xapi toolstack (xen-api-libs): fix compile
> errors
>
> Hello!
>
> There are two compile errors when 'make allxen' in xen-api-libs.
>
> o XS_RESTRICT is not defined (c compiler error) o xb.mli file was checked
> in (ocaml error)
>
> The attached patch should remove those problems.
>
> Kind regards - Andreas
_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api
|
|
|
| |
|
Home