WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-devel

[Top] [All Lists]

Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration

from [Ian Jackson]

[Permanent Link][Original]

To:	Pascal Bouchareine <pascal@xxxxxxxxx>
Subject:	Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration
From:	Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date:	Thu, 2 Oct 2008 11:21:57 +0100
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx, "Daniel P. Berrange" <berrange@xxxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, John Levon <levon@xxxxxxxxxxxxxxxxx>
Delivery-date:	Thu, 02 Oct 2008 03:22:23 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<20081002101617.GA81623@xxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<18660.38289.438076.522504@xxxxxxxxxxxxxxxxxxxxxxxx> <C50A57BE.27A2C%keir.fraser@xxxxxxxxxxxxx> <20081002101617.GA81623@xxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

Pascal Bouchareine writes ("Re: [Xen-devel] [PATCH] [Xend] Move some backend 
configuration"):
> On Thu, Oct 02, 2008 at 10:49:34AM +0100, Keir Fraser wrote:
> > An update on this: I solved this issue by fiddling permissions in xenstore
> > after all! /local/domain/<domid> is now read-only to the guest, and specific
> > subdirs only are writable (currently device, error and control).
> 
> writing into device allows the guest to rewrite it's backend
> location, this should be protected too i guess ?

We will arrange for the backend location not to be trusted by anything
important.  In fact, it is entirely formulaic: if you know which
domain the backend is supposed to be in, you can simply shuffle the
path components.  And you can double check against the backend's
frontend path.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Ian Jackson Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Pascal Bouchareine Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Ian Jackson <= Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Ian Jackson Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, John Levon Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, John Levon Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, John Levon Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Ian Jackson

Previous by Date:	Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser
Next by Date:	Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser
Previous by Thread:	Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser
Next by Thread:	Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration, Keir Fraser
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix