WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] bug in dom create script regarding xenstore permission?

from [weiming] [Permanent Link][Original]
To: Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] bug in dom create script regarding xenstore permission?
From: weiming <zephyr.zhao@xxxxxxxxx>
Date: Tue, 14 Jul 2009 14:05:04 -0400
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 14 Jul 2009 11:05:53 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type; bh=/O7Q8fdcZkFJrfDfsKqphzVQrh8zqe++RN0slZGxIDU=; b=XRZdE0l2Y9BO59QgDCCA8I7P9W8n99ctQtXDL4nvRrR6EmA9QfHwC7Xv/eITAl5Bar CyMR0N9iLgqmXrOc9Ii3wD5xEA0HZHWY9KViuFGddcCzmlm47WJnW12ML4W3jTS9JGXa U/CHKBD2L1GBhCkHl+gY5qdaziccIcg3iUPXM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=g0UlggMCGwU0crVw6yY/v2cfD5kbaqXQ4cIGhKrXJCTy39CigYfME2W/B04oGkkL4p oFaWOpBtlUIgFSW8QRCuHBxGvrz0KPAAkl8ManHR5O3xYcawhufZCqtIWxJluL/fkdBH qDZYVH19DBmYiWXb931jdkFn+lfELq00NbD2o=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4A5CC423.1080604@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <add59a3f0907141040re927e54j9fbe311b1988c75f@xxxxxxxxxxxxxx> <4A5CC423.1080604@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Hi Vincent,

Thanks for letting me know.

Is their any way to override this default behavior?
I have a script in domU, which is supposed to post some info to xenstore after it boots up.
Yes, I can manually grant permission after I create a guest domain, but I wish I could automated it.

Thanks,
Weiming


On Tue, Jul 14, 2009 at 1:45 PM, Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx> wrote:
weiming wrote:
Hi,

I upgraded from xen 3.2 to xen 3.4 and found that in 3.4, I can't write xenstore in domU.
Then, I found that the owner of the /local/domain/<domid> is 0.
That is:
When I used xs_get_permissions to get the permission of "/local/domain/1", I got
(0,0), (1,1)   (dom, perm)
which implies that dom0 is the owner, and dom1 has read-only perm.

in xen 3.2, it returns (1,0), which is correct.

So I guess it might be a bug in the dom create scripts, but I can't find where.

Hi weiming,

it's not a bug. the behavior that you are seeing in 3.2 was a security issue. 3.4 got the issue fixed.

Cheers,
--
Vincent

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] bug in dom create script regarding xenstore permission?, Vincent Hanquez
Next by Date:  [Xen-devel] xenapi.VM.create() with (data) uri for PV_kernel and PV_ramdisk, Andreas Florath
Previous by Thread:  Re: [Xen-devel] bug in dom create script regarding xenstore permission?, Vincent Hanquez
Next by Thread:  Re: [Xen-devel] bug in dom create script regarding xenstore permission?, Vincent Hanquez
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy