xen-devel

[Top] [All Lists]

Re: RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections

from [Kurt Garloff]

[Permanent Link][Original]

To:	Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>
Subject:	Re: RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections
From:	Kurt Garloff <kurt@xxxxxxxxxx>
Date:	Wed, 23 Mar 2005 22:36:51 +0100
Cc:	Xen development list <xen-devel@xxxxxxxxxxxxxxxxxxxxx>, Anthony Liguori <aliguori@xxxxxxxxxx>
Delivery-date:	Wed, 23 Mar 2005 21:42:01 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<A95E2296287EAD4EB592B5DEEFCE0E9D1E3818@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive:	<http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help:	<mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id:	List for Xen developers <xen-devel.lists.sourceforge.net>
List-post:	<mailto:xen-devel@lists.sourceforge.net>
List-subscribe:	<https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe:	<https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization:	SUSE/Novell
References:	<A95E2296287EAD4EB592B5DEEFCE0E9D1E3818@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender:	xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent:	Mutt/1.5.6i

Hi Ian,

On Wed, Mar 23, 2005 at 05:43:22PM -0000, Ian Pratt wrote:
> > I chose 732 because it's unassigned indeed.
> 
> Grabbing any port <1024 should do, there's no need to just go for 732,
> but have a series of ports that are tried. 

You did not read the patch :-)
xm tries all ports from 732 -- 1023 before it gives up and just uses
a random one.

> > If you have a patch, I'd volunteer to review :-)
> 
> For Xen 2.x, unix domain sockets would be too much of a pain to
> implement over Twisted. Kurt's approach gets us closer toward 'secure by
> default'.
> 
> Xen 3 will be very different.

I have no clear picture yet of the control tools that we'll have in 
Xen 3. If we're still heading for release in summer, we should maket
some progress with redesigning if we really want to get rid of twisted.
Looking into it for just a few hours, I'm not so unhappy with twisted,
actually.

> > Before I start working on getting the consoles under control, I 
> > wanted to see whether this approach is acceptable at all.
> 
> I think it's a good band-aid.
> 
> Perhaps a better way to handle consoles would be to use 'screend', and
> then have incoming ssh connections dispatched to particular screen
> sessions.

screen is what is commonly used to handle many (mostly serial) consoles
these days, so hooking into that is certainly something most sysadmins
would consider a natural choice.

> > > 5) you still have to deal with xfrd
> > 
> > It seems to listen on *:8002 ... 
> > Is there no authentication either? Sigh.
> > 
> > And we probably need to look into the event channel (8001) as well.
> 
> Xfrd needs an option to listen only on localhost. (It's still needed for
> save/restore even if you don't use migrate).

We could just pass it an option during startup.

> The event channel only ever needs to be localhost (and could probably be
> turned into a unix domain socket quite easily).

Sounds good. Let's do it.

Regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]

pgpwfsftckxiz.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, (continued) Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Anthony Liguori Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Kurt Garloff Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Anthony Liguori Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Kurt Garloff Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Anthony Liguori Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Rik van Riel Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Nivedita Singhvi Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, David Hopwood RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Ian Pratt Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Ryan Harper Re: RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Kurt Garloff <= Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Tommi Virtanen Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Anthony Liguori RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Ian Pratt Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Anthony Liguori Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Christian Limpach Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Kurt Garloff Re: RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Kurt Garloff RE: RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Ian Pratt

Previous by Date:	Re: RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Kurt Garloff
Next by Date:	[Xen-devel] [patch] final header fixes, Hollis Blanchard
Previous by Thread:	Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Ryan Harper
Next by Thread:	Re: [Xen-devel] [PATCH] xen-2.0: privileged port connections, Tommi Virtanen
Indexes:	[Date] [Thread] [Top] [All Lists]