On Sun, Mar 06, 2005 at 04:14:24PM -0500, Rik van Riel wrote:
> On Sun, 6 Mar 2005, Tommi Virtanen wrote:
> > That's not good design. I sincerely think access to any confidential
> > or security conscious part of xen should be limited, e.g. with a
> > unix domain socket located in a directory only readable by a certain
> > group.
> Good point, then we could use filesystem permissions
> and/or selinux policy to restrict who gets access to
Why not just require the other end of the socket to be below 1024?
If you bind to localhost, that should be enough.
xm would then use a privileged socket if it can (i.e. if called as
Using an SELinux policy for this would be aiming cannons at sparrows
(German saying, in English that's breaking a fly on the wheel).
> > Note that if there are harmless xm commands (xm list and so on), they
> > could be allowed for all users in dom0.
> This would require either access permission checks inside
> xend, or a separate socket for only unprivileged operations.
Then defer the client port check to the command parser.
Kurt Garloff <kurt@xxxxxxxxxx> [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director) <garloff@xxxxxxx> [Novell Inc]
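The two access-control approaches the thread weighs (a Unix domain socket in a group-restricted directory, and a loopback peer-port check below 1024) plus the "defer the check to the command parser" idea, as an added, self-contained example. This is illustrative code written for this page, not xend's or xm's; the directory layout, the socket name `control.sock`, the `UNPRIVILEGED_COMMANDS` set and all function names are assumptions. The peer-credential lookup uses Linux `SO_PEERCRED`.

```python
import os
import socket
import struct
import tempfile

# Constructed example (not xend's code): the socket-gating ideas from the thread.

# Commands harmless enough to allow for every user in dom0 (assumed set).
UNPRIVILEGED_COMMANDS = {"list", "info"}


def privileged_loopback_peer(peer_addr):
    """'Privileged port' approach: only root can bind a source port below 1024,
    so a loopback TCP client arriving from such a port is taken to be root.
    The server must itself be bound to 127.0.0.1 for the host check to mean
    anything; a remote peer is never trusted on port number alone."""
    host, port = peer_addr[0], peer_addr[1]
    return host == "127.0.0.1" and 0 < port < 1024


def create_group_restricted_socket(sock_dir, gid, name="control.sock"):
    """Unix-domain-socket approach: the socket sits in a directory that only
    root and one group can traverse, so filesystem permissions do the
    access control before a single byte is parsed."""
    os.makedirs(sock_dir, exist_ok=True)
    os.chown(sock_dir, -1, gid)      # keep owner, set group = the allowed group
    os.chmod(sock_dir, 0o750)        # rwxr-x--- : 'other' cannot reach the socket
    path = os.path.join(sock_dir, name)
    if os.path.exists(path):
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o660)            # rw-rw---- on the socket node itself
    srv.listen(1)
    return srv, path


def peer_credentials(conn):
    """Ask the kernel who is on the other end (Linux SO_PEERCRED -> struct ucred)."""
    if not hasattr(socket, "SO_PEERCRED"):
        raise RuntimeError("SO_PEERCRED is Linux-specific")
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    pid, uid, gid = struct.unpack("3i", raw)
    return pid, uid, gid


def authorise_command(command, privileged):
    """Per-command check, deferred to the command parser as the thread suggests:
    harmless verbs work for everyone, anything else needs the privileged flag."""
    words = command.split()
    verb = words[0] if words else ""
    if verb in UNPRIVILEGED_COMMANDS:
        return True
    return privileged


def demo():
    """Create the restricted socket, connect to it as ourselves, and run the checks."""
    allowed_gid = os.getgid()
    sock_dir = tempfile.mkdtemp(prefix="ctl-")
    srv, path = create_group_restricted_socket(sock_dir, allowed_gid)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(path)             # queued in the backlog, so accept() below returns
    conn, _ = srv.accept()
    _pid, uid, gid = peer_credentials(conn)
    privileged = uid == 0 or gid == allowed_gid
    result = {
        "dir_mode": oct(os.stat(sock_dir).st_mode & 0o777),
        "uid_matches": uid == os.getuid(),
        "gid_matches": gid == allowed_gid,
        "list_ok": authorise_command("list", privileged),
        "create_ok": authorise_command("create guest.cfg", privileged),
    }
    for s in (conn, client, srv):
        s.close()
    os.unlink(path)
    os.rmdir(sock_dir)
    return result


if __name__ == "__main__":
    print(demo())
```

Running `demo()` as an ordinary user shows the directory ending up at mode 0o750, the kernel-reported peer uid/gid matching the caller, and `create guest.cfg` being allowed only because the caller's group is the permitted one; a caller outside that group would never get past the directory permissions in the first place.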