[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] xm create as root vs xm destroy as normal user

To: xen-devel@xxxxxxxxxxxxxxxxxxx, tanner@xxxxxxxxxxxxx
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Mon, 27 Jun 2005 18:54:17 +0100
Delivery-date: Mon, 27 Jun 2005 18:01:23 +0000
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

> > There is currently no notion of capabilities. In 3.0 the default
> > communication path between xm and xend is now a unix domain socket so
> > by default only root can execute xm commands.
>
> I'm sorry, I do not understand the answer. The "no notion of capabilities",
> does that mean "yes, non-root users can stop Xen sessions in 2.x"?

Yep.  Anyone who can get to Xend's http interface can access all the 
management functions.  The only solution in the 2.0 tree is to allow only 
trusted users the appropriate network access (e.g. no untrusted local users, 
firewall off Xend from non-management networks).

Security in 3.0 will be rather less permissive :-)

Cheers,
Mark

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- [Xen-devel] xm create as root vs xm destroy as normal user
  - From: Bob Tanner
- Re: [Xen-devel] xm create as root vs xm destroy as normal user
  - From: Kip Macy
- Re: [Xen-devel] xm create as root vs xm destroy as normal user
  - From: Bob Tanner

Prev by Date: Re: [Xen-devel] xm create as root vs xm destroy as normal user
Next by Date: Re: [Xen-devel] [PATCH] 1 of 2: default ssid to 0
Previous by thread: Re: [Xen-devel] xm create as root vs xm destroy as normal user
Next by thread: [Xen-devel] [PATCH] Add DOM0_GETDOMAININFOLIST op for bulk retrieval of domain info
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.