xen-devel

[Top] [All Lists]

Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid

from [Markus Armbruster]

[Permanent Link][Original]

To:	Christian.Limpach@xxxxxxxxxxxx
Subject:	Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid
From:	Markus Armbruster <armbru@xxxxxxxxxx>
Date:	Fri, 19 May 2006 19:21:08 +0200
Cc:	Chris Wright <chrisw@xxxxxxxxxxxx>, Xen devel list <xen-devel@xxxxxxxxxxxxxxxxxxx>, Christian Limpach <chris@xxxxxxxxxxxxx>
Delivery-date:	Fri, 19 May 2006 10:21:33 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<3d8eece20605190243v626b894bp1f5e6f4ff23e56d1@xxxxxxxxxxxxxx> (Christian Limpach's message of "Fri, 19 May 2006 10:43:18 +0100")
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<87y7wzmeqb.fsf@xxxxxxxxxxxxxxxxx> <a74fd46bb61fffb16ab812859d83d8e8@xxxxxxxxxxxx> <20060519074112.GF2724@xxxxxxxxxxxxxxxxx> <3d8eece20605190243v626b894bp1f5e6f4ff23e56d1@xxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (gnu/linux)

"Christian Limpach" <christian.limpach@xxxxxxxxx> writes:

> On 5/19/06, Chris Wright <chrisw@xxxxxxxxxxxx> wrote:
>> * Keir Fraser (Keir.Fraser@xxxxxxxxxxxx) wrote:
>> > Christian has a fair point that, if you're just reading it out of
>> > xenstore, you could do that directly from user space. I suppose there
>> > is an argument of necessary privileges to do so however, since you need
>> > to be root to open the xenstore device file.
>>
>> Privileges part is a bit annoying.  But if the envisioned user
>> is unprivilged, some init script could always stash uuid in a
>> world readable file.
>
> This solution, as any solution which exposes the uuid to the guest,
> will break if/when we support VM forking.
[...]

Is there any scenario other than VM forking that makes the UUID
change?

Can we agree that machines having a UUID is useful?  Real machines
have one, for a reason.

VM forking has no non-virtual equivalent, hasn't it?  It's just one of
the things that are different in a virtual environment.  If your
virtual machine differs in a noticeable ways from real machines, you
can't expect all software to just work.  Software broken by the
difference needs to be adapted to the environment.  In the case of
forking VMs, you have to teach it to expect and cope with UUID
changes.  I don't see why we should break software that wants a UUID
now, by refusing to disclose the UUID we have, rather than possibly
later, when we fork VMs.

>                                            Nevertheless, at this point
> I'd almost prefer adding a version sub hypercall since that gives you
> at least a chance at getting an up to date value.

What's the technical advantage of a version sub hypercall over
xenbus_read()?

>                                                    Alternatively, you
> could add some code to the xenstore dev driver to only allow read-only
> access for non-root users.

Does the dev driver enforce root?  Isn't that policy in the kernel?

Is it safe to allow unpriveleged read-only access to *all* of xenstore
in domU?

[...]

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [PATCH] /sys/hypervisor/uuid, Markus Armbruster Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Keir Fraser Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Chris Wright Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Christian Limpach Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, John Levon Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Jeremy Katz Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Christian Limpach Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Jeremy Katz Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Christian Limpach Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Markus Armbruster <= Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Keir Fraser Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Markus Armbruster Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Keir Fraser Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Jeremy Katz Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Keir Fraser Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Jeremy Katz Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Christian Limpach Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Jeremy Katz Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Anthony Liguori Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Jeremy Katz

Previous by Date:	Re: [Xen-devel] [PATCH] Make "xm mem-set" be lower bound on domX-min-mem, Gareth S Bestor
Next by Date:	Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Jeremy Katz
Previous by Thread:	Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Christian Limpach
Next by Thread:	Re: [Xen-devel] [PATCH] /sys/hypervisor/uuid, Keir Fraser
Indexes:	[Date] [Thread] [Top] [All Lists]