xen-devel
Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration
On Tue, Sep 30, 2008 at 05:46:04PM +0100, Keir Fraser wrote:
> On 30/9/08 17:35, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:
>
> >> Duplicating this pair of nodes sounds fine to me, *but* then libvirt is
> >> simply remaining vulnerable to the kind of attack we're looking to
> >> avoid? Can any good really come from keeping the old locations?
> >
> > Given that this is security sensitive, I have no objection to updating
> > libvirt to read from the new locations. The only thing I need to work
> > out is a reliable way to choose when to use the new location, vs
> > looking at the old location (for compat with existing deployments).
>
> That's an interesting question. Obviously you don't want to race their
> creation and go down the unsafe path unnecessarily.
>
> We could add a node to xenstore, or append version/feature info to the pid
> file? Do you have a preference?

I think it's probably best to have explicit "feature" info written into
somewhere in xenstore to indicate that the new layout is in use - "version"
info would get too confusing when we inevitably have to backport this stuff.

To avoid a race condition we'd not want it in the per-VM areas. It'd want
to be a global feature flag we can probe once when libvirt connects,
rather than probing per guest.

I notice there's a /tool area that's unused

  # xenstore-ls /tool
  xenstored = ""

Could put a little feature flag node there perhaps?

Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
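
The race discussed in the message above, as a small simulation: probing per guest falls back to the old location when the new node has not been created yet, while a global flag probed once at connect never does. This is an added example, not code from the thread, libvirt or xend; the flag node name, both path templates and the dict standing in for xenstore are hypothetical.

```python
# Added illustration. Every path below is a hypothetical placeholder: the
# thread names neither the flag node nor the old and new locations.
FEATURE_FLAG = "/tool/xend/feature-new-layout"  # hypothetical node under /tool
NEW_PATH = "/new-location/{domid}/node"          # hypothetical
OLD_PATH = "/old-location/{domid}/node"          # hypothetical


def per_guest_probe(read, domid):
    """Racy variant: pick the layout per guest by testing for the new node."""
    value = read(NEW_PATH.format(domid=domid))
    if value is not None:
        return value
    # The new node may simply not exist *yet*; falling back here takes the
    # old, unsafe path even on a host that uses the new layout.
    return read(OLD_PATH.format(domid=domid))


class Connection:
    """Probes the global feature flag once, when the connection is opened."""

    def __init__(self, read):
        self._read = read  # callable(path) -> value or None
        self.new_layout = read(FEATURE_FLAG) is not None

    def backend_node(self, domid):
        if self.new_layout:
            # No fallback: None means "not created yet", so the caller retries.
            return self._read(NEW_PATH.format(domid=domid))
        return self._read(OLD_PATH.format(domid=domid))


def demo():
    # Constructed store: new-layout host, guest 5 still being set up.
    store = {FEATURE_FLAG: "", OLD_PATH.format(domid=5): "old-value"}
    conn = Connection(store.get)
    racy = per_guest_probe(store.get, 5)       # reads the old location
    early = conn.backend_node(5)               # None: waits instead
    store[NEW_PATH.format(domid=5)] = "new-value"
    late = conn.backend_node(5)                # reads the new location
    legacy = Connection({OLD_PATH.format(domid=5): "old-value"}.get)
    return racy, early, late, legacy.backend_node(5)


if __name__ == "__main__":
    print(demo())
```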