WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] bug in dom create script regarding xenstore permission?

from [weiming] [Permanent Link][Original]
To: Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] bug in dom create script regarding xenstore permission?
From: weiming <zephyr.zhao@xxxxxxxxx>
Date: Wed, 15 Jul 2009 08:52:57 -0400
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 15 Jul 2009 05:53:55 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type; bh=ARtlmfe6m0Hsc8b5Tn/QTqGga7xGaPawT2A1lQ6ETyk=; b=MO/iZJArSPXdaA2uSF+VWJJy3pA5VtQXJoyvgdQRvbu4I/VbBfkbeI3eQ2xnOBNgJR rIRHOhQnsGTJkhVzdD0S/CCWFQlwDRGW7ENtVYmnffSdFmmCWE7VVcEuRBTHqgik12cc +oVxtWsUgnWBt6T7pSmj/vh7Yh1QQvNfOMWk0=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=TZs94p8PNj7y2PO9VU7hhmnTDvS/0Wq/ZmwVDN8RpL52ztIiytio4hsdn2DIp3jZmU m5+1xgj8GOuOEaenCaRpP+lNJoGOYT30B2kZDvGeSyIkKVkIsQWFtsobS8uK1S/AGA2x GaW4b6dYoGrYZjdWsKVamI8Vw3xxsD5B+xeSQ=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4A5DAFB5.8040300@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <add59a3f0907141040re927e54j9fbe311b1988c75f@xxxxxxxxxxxxxx> <4A5CC423.1080604@xxxxxxxxxxxxx> <add59a3f0907141105r6cb76ce3md272351f199614ac@xxxxxxxxxxxxxx> <4A5DAFB5.8040300@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thanks.
But as I said in the first post, /local/domain/<domid>/* is readonly to that domain of <domid>
That makes me feel weird. (and you told me it's for security purpose. :D)

Weiming


On Wed, Jul 15, 2009 at 6:30 AM, Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx> wrote:
weiming wrote:
Hi Vincent,

Thanks for letting me know.

Is their any way to override this default behavior?
I have a script in domU, which is supposed to post some info to xenstore after it boots up.
Yes, I can manually grant permission after I create a guest domain, but I wish I could automated it.
I don't really know how to do that exactly; you have to look at where the /local/domain/<domid>/ entry get created, and put an explicit setperm there.

However I think changing your script in a domU is the way forward. there are other place in xenstore (have a look at maybe /vm/<uuid>/ and /local/domain/<domid>/*/ ) that are still writable.

--
Vincent

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] x86: extend some of Intel's recent MCE work to also support AMD, Jan Beulich
Next by Date:  [Xen-devel] [PATCH] i386: eliminate unsupported CPUs' MCA handling code, Jan Beulich
Previous by Thread:  Re: [Xen-devel] bug in dom create script regarding xenstore permission?, Vincent Hanquez
Next by Thread:  [Xen-devel] xenapi.VM.create() with (data) uri for PV_kernel and PV_ramdisk, Andreas Florath
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy