WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselve

from [Vincent Hanquez] [Permanent Link][Original]
To: Keir Fraser <keir@xxxxxxx>
Subject: Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves
From: Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx>
Date: Tue, 9 Aug 2011 13:33:21 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 09 Aug 2011 05:27:03 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CA66D91A.30242%keir@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <CA66D91A.30242%keir@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.18) Gecko/20110626 Icedove/3.1.11 
On 08/09/2011 12:31 PM, Keir Fraser wrote:

Do you have any examples of projects which could run with much lesser
privilege, and very constrained xenstore access, if a suitably controlled
xenstore interface was provided?


There's a bunch of program that doesn't need much more than read/write to a 
specific limited part of xenstore.

- Guest agents (reporting stats usually)
- things listening to some actions (snapshot yourself, export some storage 
thing, etc..)

Perhaps a variant of the restrict packet would be enough to drop some privileges
of the xenbus connection (at connection time) to read/write to a specific path.

--
Vincent

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: [linux bisection] complete test-amd64-i386-win-vcpus1, Ian Jackson
Next by Date:  [Xen-devel] Re: [PATCH] xen: modify kernel mappings corresponding to granted pages, Ian Campbell
Previous by Thread:  Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves, Keir Fraser
Next by Thread:  Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves, Vincent Hanquez
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy