This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] xm create as root vs xm destroy as normal user

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] xm create as root vs xm destroy as normal user
From: Bob Tanner <tanner@xxxxxxxxxxxxx>
Date: Fri, 24 Jun 2005 17:24:15 -0500
Delivery-date: Fri, 24 Jun 2005 22:23:25 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Real Time Enterprises, Inc.
Reply-to: tanner@xxxxxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.7.2
Playing around with xen-2.0.6 and I've found something troubling.

I've been creating domU's with 'xm create.' As a simple security check, I did 
a 'xm shutdown' as a normal user. Much to my surprise, that domU shutdown.

Does the default behavior of xen allow a non-root users to shutdown any domU? 
Even domU's that aren't created by the user issuing the 'xm shutdown'?

Bob Tanner <tanner@xxxxxxxxxxxxx>          | Phone : (952)943-8700
http://www.real-time.com, Minnesota, Linux | Fax   : (952)943-8500
Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288

Attachment: pgpjQwTW83wel.pgp
Description: PGP signature

Xen-devel mailing list