Re: RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections

To: Ian Pratt <m+Ian.Pratt@xxxxxxxxxxxx>
Subject: Re: RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections
From: Kurt Garloff <kurt@xxxxxxxxxx>
Date: Wed, 23 Mar 2005 22:36:51 +0100
Cc: Xen development list <xen-devel@xxxxxxxxxxxxxxxxxxxxx>, Anthony Liguori <aliguori@xxxxxxxxxx>
Delivery-date: Wed, 23 Mar 2005 21:42:01 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <A95E2296287EAD4EB592B5DEEFCE0E9D1E3818@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Organization: SUSE/Novell
References: <A95E2296287EAD4EB592B5DEEFCE0E9D1E3818@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.6i
Hi Ian,

On Wed, Mar 23, 2005 at 05:43:22PM -0000, Ian Pratt wrote:
> > I chose 732 because it's unassigned indeed.
> 
> Grabbing any port <1024 should do, there's no need to just go for 732,
> but have a series of ports that are tried. 

You did not read the patch :-)
xm tries all ports from 732 -- 1023 before it gives up and just uses
a random one.

> > If you have a patch, I'd volunteer to review :-)
> 
> For Xen 2.x, unix domain sockets would be too much of a pain to
> implement over Twisted. Kurt's approach gets us closer toward 'secure by
> default'.
> 
> Xen 3 will be very different.

I have no clear picture yet of the control tools that we'll have in 
Xen 3. If we're still heading for release in summer, we should make
some progress with redesigning if we really want to get rid of twisted.
Looking into it for just a few hours, I'm not so unhappy with twisted,
actually.

> > Before I start working on getting the consoles under control, I 
> > wanted to see whether this approach is acceptable at all.
> 
> I think it's a good band-aid.
> 
> Perhaps a better way to handle consoles would be to use 'screend', and
> then have incoming ssh connections dispatched to particular screen
> sessions.

screen is what is commonly used to handle many (mostly serial) consoles
these days, so hooking into that is certainly something most sysadmins
would consider a natural choice.

> > > 5) you still have to deal with xfrd
> > 
> > It seems to listen on *:8002 ... 
> > Is there no authentication either? Sigh.
> > 
> > And we probably need to look into the event channel (8001) as well.
> 
> Xfrd needs an option to listen only on localhost. (It's still needed for
> save/restore even if you don't use migrate).

We could just pass it an option during startup.

> The event channel only ever needs to be localhost (and could probably be
> turned into a unix domain socket quite easily).

Sounds good. Let's do it.

Regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]
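Added example, not the patch under discussion and not Xen's own code (all function names are assumptions): the client-side walk over privileged source ports with fallback to an ephemeral port, the server-side peer check that is only meaningful for loopback connections, and a loopback-only listener of the kind the thread wants for xfrd.

```python
import socket
from typing import Callable, Optional, Tuple

FIRST_PRIV_PORT = 732   # first port the thread's patch walks (unassigned at the time)
LAST_PRIV_PORT = 1023   # highest privileged port on a Unix host


def bind_privileged_source_port(try_bind: Callable[[int], None],
                                first: int = FIRST_PRIV_PORT,
                                last: int = LAST_PRIV_PORT) -> Optional[int]:
    """Walk ports first..last, calling try_bind(port) for each.

    Returns the first port that binds, or None when every attempt fails
    (port in use, or the caller is not root); the caller then falls back
    to an ephemeral port, as the thread describes."""
    for port in range(first, last + 1):
        try:
            try_bind(port)
            return port
        except OSError:      # EADDRINUSE or EACCES: try the next one
            continue
    return None

def connect_from_privileged_port(host: str, port: int) -> socket.socket:
    """Client side: open a TCP connection whose source port is < 1024 when
    the process is privileged, else whatever port the kernel assigns."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    bind_privileged_source_port(lambda p: s.bind(("", p)))
    s.connect((host, port))   # still unbound here => ephemeral source port
    return s

def peer_is_privileged(peer: Tuple[str, int], loopback_only: bool = True) -> bool:
    """Server side: treat the client as root only if its source port is
    privileged. A port number is only trustworthy for a connection that
    never left the host, so non-loopback peers are rejected by default."""
    addr, port = peer
    if loopback_only and addr != "127.0.0.1":
        return False
    return 0 < port < 1024

def loopback_listener(port: int) -> socket.socket:
    """Bind a service such as xfrd to 127.0.0.1:port instead of *:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("127.0.0.1", port))
    s.listen(5)
    return s
```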
