This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] ACL for DomUs

On Wed, May 02, 2007 at 10:46:37AM +0200, Reinhard Brandst?dter wrote:

> > This looks pretty promising and of course I had to try it immediately.


> The reason for this behavior was that the user using the xen-shell didn't 
> have 
> rights to read the /etc/xen directory. with the right permissions xen-shell 
> shows the available machines.

  I'll add a check to make sure that is reported accurately at startup.

> 1.) either make xen-shell aware of wildcards. If a domU 'name=' contains 
> any %d in the xen config, all VMs that match are added to the user's access 
> list.

  That seems like it would be less general than I'd like.

> 2.) everytime a domain is created and its name is based on a wildcard create 
> a 'dummy' xen config file that only contains the resulting domain name and 
> the xen_shell attribute. e.g. for me that would be:
> /etc/xen/apache-1
> name = "apache-1"
> xen_shell = 'apacheadm'

  That is the solution I'd propose since it fits your usage, and
 requires no changes from me!

# Commercial Debian GNU/Linux Support

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>