WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] ACL for DomUs

from [Steve Kemp] [Permanent Link][Original]
To: Reinhard Brandst?dter <reinhard.brandstaedter@xxxxxx>
Subject: Re: [Xen-users] ACL for DomUs
From: Steve Kemp <steve@xxxxxxxxxxxx>
Date: Wed, 2 May 2007 10:10:21 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 02 May 2007 02:40:39 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <200705021046.37494.reinhard.brandstaedter@xxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <200704301002.15852.reinhard.brandstaedter@xxxxxx> <20070430103931.GA26169@xxxxxxxxxxxx> <200705020856.11665.reinhard.brandstaedter@xxxxxx> <200705021046.37494.reinhard.brandstaedter@xxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.13 (2006-08-11) 
On Wed, May 02, 2007 at 10:46:37AM +0200, Reinhard Brandst?dter wrote:

> > This looks pretty promising and of course I had to try it immediately.

  :)

> The reason for this behavior was that the user using the xen-shell didn't 
> have 
> rights to read the /etc/xen directory. with the right permissions xen-shell 
> shows the available machines.

  I'll add a check to make sure that is reported accurately at startup.

> 1.) either make xen-shell aware of wildcards. If a domU 'name=' contains 
> any %d in the xen config, all VMs that match are added to the user's access 
> list.

  That seems like it would be less general than I'd like.

> 2.) everytime a domain is created and its name is based on a wildcard create 
> a 'dummy' xen config file that only contains the resulting domain name and 
> the xen_shell attribute. e.g. for me that would be:
> 
> /etc/xen/apache-1
> name = "apache-1"
> xen_shell = 'apacheadm'

  That is the solution I'd propose since it fits your usage, and
 requires no changes from me!

Steve
-- 
# Commercial Debian GNU/Linux Support
http://www.linux-administration.org/


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] hdparm strange behaviour on centos 5.0 using the latest kernel, Vikas
Next by Date:  [Xen-users] Best Practise for Xen in "clustered" Environment, Stephan Seitz
Previous by Thread:  Re: [Xen-users] ACL for DomUs, Reinhard Brandstädter
Next by Thread:  Re: [Xen-users] ACL for DomUs, Reinhard Brandstädter
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy