WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] protecting xen startup

from [Mark Williamson] [Permanent Link][Original]
To: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Subject: Re: [Xen-devel] protecting xen startup
From: Mark Williamson <maw48@xxxxxxxxxxxxxxxx>
Date: Tue, 23 Nov 2004 22:49:24 +0000 (GMT)
Cc: xen-devel@xxxxxxxxxxxx
Delivery-date: Tue, 23 Nov 2004 22:58:23 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <20041123205152.GA5146@xxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <20041123170546.GB6250@xxxxxxxx> <Pine.LNX.4.60.0411231802570.3258@xxxxxxxxxxxxxxxxxxxxxx> <20041123205152.GA5146@xxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx 
is there anything preventing that interface from being removed, such
that the client/server bit is munged into a single application?
In older releases, there wasn't a Xend. Instead we had a set of management scripts that called various operations directly. You could in principle munge xm and xend together into a big megatool but it wouldn't be pretty.
Xend makes concurrency control much easier, provides a central point of contact regarding machine state and demuxes the virtual consoles of the domain. You'd have to address these problems in addition to combining the tools, which would take a fair bit of hacking to do properly. 


Not exactly.  At the Linux Level, there aren't any extra Xen system calls.
Most commands are issued to Xen by performing ioctls on the
/proc/xen/privcmd file.


GREAT.

that means that it will be possible to lock down at the very least the
access to /proc/xen and later, should it prove worthwhile, to protect
each ioctl with a new selinux security id per ioctl command.
Right now, only root (actually, probably users with the CAP_SYSADMIN capability or similar) can do operations on /proc/xen. Also, many Xen operations are mapped onto one ioctl call so as it is you can't do very fine grained protection based on ioctl number. What you describe would be technically possible if a separate ioctl was allocated for each operation, though. 

Cheers,
Mark


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ 
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Xen cluster n/w performance (again!), Ian Pratt
Next by Date:  Re: [Xen-devel] vif-bridge question, Matthieu
Previous by Thread:  Re: [Xen-devel] protecting xen startup, Luke Kenneth Casson Leighton
Next by Thread:  Re: [Xen-devel] protecting xen startup, Luke Kenneth Casson Leighton
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy