On Sat, Mar 05, 2005 at 04:53:18PM -0500, Rik van Riel wrote:
> Indeed. I guess I need to think about restricting connections
> to xend to localhost only - and maybe even through a unix
> domain socket instead of a tcp socket ...
This are my thoughts about this problem:
----- Forwarded message from Bastian Blank <waldi@xxxxxxxxxx> -----
Date: Sat, 5 Mar 2005 13:38:11 +0100
Subject: proposal for xend communication
I tried to construct a secure-by-default communication between xm and
xend and for access to the consoles.
* Configuration: UNIX/TCP socket with the possibility to connect to consoles.
(This may violate the HTTP protocol.)
* Console: UNIX/TCP socket.
* Migration: TCP socket.
By default only the configuration unix socket is enabled and secured by
filesystem permissions on the containing directory. Anything else needs
to be enabled in the config. The domain console option is predefined as
The domain config console option is changed to a socket spec.
(Examples: 'unix:/tmp/bla', 'tcp::6703', 'tcp:0.0.0.0:6704',
Don't know yet how to specify the configuration and migration sockets in
the overall config.
----- End forwarded message -----
He's dead, Jim.
-- McCoy, "The Devil in the Dark", stardate 3196.1
Description: Digital signature