WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration

from [John Levon] [Permanent Link][Original]
To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration
From: John Levon <levon@xxxxxxxxxxxxxxxxx>
Date: Tue, 30 Sep 2008 17:39:43 +0100
Cc: Pascal Bouchareine <pascal@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Tue, 30 Sep 2008 09:40:25 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20080930163552.GF15442@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20080930153054.GE15442@xxxxxxxxxx> <C5080DC1.279C8%keir.fraser@xxxxxxxxxxxxx> <20080930163552.GF15442@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.9i 
On Tue, Sep 30, 2008 at 05:35:52PM +0100, Daniel P. Berrange wrote:

> On Tue, Sep 30, 2008 at 05:09:21PM +0100, Keir Fraser wrote:
> > On 30/9/08 16:30, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:
> > 
> > > Console data
> > > 
> > >  /local/domain/%d/console/vnc-port
> > >  /local/domain/%d/console/tty
> > 
> > Duplicating this pair of nodes sounds fine to me, *but* then libvirt is
> > simply remaining vulnerable to the kind of attack we're are looking to
> > avoid? Can any good really come from keeping the old locations?
> 
> Given that this is security sensitive, I have no objection to updating
> libvirt to read from the new locations. The only thing I need to work 
> out is a reliable way to choose when to use the new location, vs the 
> looking at old location (for compat with existing deployments). 

I think the existence of /vm_path would do that, but we need to move
*all* this stuff, surely. /local/domain/X/ should be effectively
write-only from dom0 since none of it is trustworthy.

regards
john

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Daniel P. Berrange
Next by Date:  Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser
Previous by Thread:  Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Daniel P. Berrange
Next by Thread:  Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy