WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration

To: Pascal Bouchareine <pascal@xxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Thu, 02 Oct 2008 11:20:23 +0100
Cc: "Daniel P. Berrange" <berrange@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, John Levon <levon@xxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 02 Oct 2008 03:20:51 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20081002101617.GA81623@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AckkeHqzuSgS4JBrEd2OgAAX8io7RQ==
Thread-topic: [Xen-devel] [PATCH] [Xend] Move some backend configuration
User-agent: Microsoft-Entourage/11.4.0.080122
On 2/10/08 11:16, "Pascal Bouchareine" <pascal@xxxxxxxxx> wrote:

> On Thu, Oct 02, 2008 at 10:49:34AM +0100, Keir Fraser wrote:
>> An update on this: I solved this issue by fiddling permissions in xenstore
>> after all! /local/domain/<domid> is now read-only to the guest, and specific
>> subdirs only are writable (currently device, error and control).
> 
> writing into device allows the guest to rewrite it's backend
> location, this should be protected too i guess ?
> 
> the patch stored backend paths into /vm for this reason

I kept that part of your patch as indeed the guest can still modify its
backend reference.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel