This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-users] ACL for DomUs

On Wednesday 02 May 2007 11:10:21 Steve Kemp wrote:
> > 2.) everytime a domain is created and its name is based on a wildcard
> > create a 'dummy' xen config file that only contains the resulting domain
> > name and the xen_shell attribute. e.g. for me that would be:
> >
> > /etc/xen/apache-1
> > name = "apache-1"
> > xen_shell = 'apacheadm'
>   That is the solution I'd propose since it fits your usage, and
>  requires no changes from me!

However this would mean that the user would not be able to start this machine, 
as it's config file is incomplete (only contains name and xen_shell). Only 
the superuser could start/create the machine using the 'real' config 
file 'apache'.

What would help here was an 'include' statement for the xen domain config:

'/etc/xen/apache' contains all the general setting needed for a domU instance 
and 'apache-1' contains the name and the user permission list for xen_shell.

e.g. in 'apache' you add include = 'apache-%d' %vmid so you could still create 
VMs with 'xm create apache vmid=1', keep all the general things in 'apache' 
config file and the user/xen_shell specific in the 'apache-1' 'apache-2' 

Two other things related to this: why is there no command for pause/unpause a 
domain? Is it possible to pass parameters to the boot command?


Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>