
Re: [Xen-devel] Q: How to find own domid or uuid from domU?



Ewan Mellor <ewan@xxxxxxxxxxxxx> writes:

> On Tue, May 23, 2006 at 09:31:21AM +0100, Christian Limpach wrote:
>
>> On Tue, May 23, 2006 at 09:52:00AM +0200, Markus Armbruster wrote:
>> > "Christian Limpach" <christian.limpach@xxxxxxxxx> writes:
>> > 
>> > > There's a uuid node under the vm path.  I.e. you'd do:
>> > > vmpath=$(xenstore-read vm)
>> > > uuid=$(xenstore-read $vmpath/uuid)
>> > 
>> > Fails in domU:
>> > 
>> >     # xenstore-read vm
>> >     /vm/947df77a-58b5-4e3d-9b6c-aa0178d8e133
>> >     # xenstore-read /vm/947df77a-58b5-4e3d-9b6c-aa0178d8e133/uuid
>> >     xenstore-read: couldn't read path /vm/947df77a-58b5-4e3d-9b6c-aa0178d8e133/uuid
>> 
>> Indeed, it's either broken because we've set the permissions not to
>> allow domains to have access to the /vm tree or because we don't allow
>> domains to read outside of their "home" directory.
>
> Permissions for doing this are set in Xend.  At the moment, for security, we
> only allow a domain to look at /local/domain/<domid>, and
> /local/domain/0/backend/<device type>/<domid>, IIRC.  If it is reasonable to
> allow a guest to determine its UUID, then we could trivially add that to Xend,
> by allowing it to read that particular value from the vm directory.
>
> Ewan.

To me it feels like there's a rough consensus that there are
legitimate uses for the UUID in domU.

It was pointed out that xenstore isn't really designed to be used in
anger from domU, and that unprivileged access could create real
problems.

Keir indicated that he's willing to merge a patch to put the UUID into
sysfs.  Makes sense to me, because the UUID is to be used by
unprivileged processes.

I understand that xen_sysfs may not be accepted upstream, or only with
changes.  Fine with me, I'm not looking for a stable API at this time,
I'm looking for something that works to get us going.  If it goes away
later, tough, welcome to the bleeding edge, go look for something else
that works.

I also understand that this is no precedent for stuffing all kinds of
xenstore data into xen_sysfs.

I was looking into Christian's suggestion to read a proper UUID key
rather than extracting it from the vm value.  Well, it doesn't work.
I'll be happy to revise my patch when it does.

In light of the above and all the other contributions to this thread:
what about merging my patch?

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

