
RE: [Xen-devel] Generic PV Guests on XCP?



On Mon, 2010-03-29 at 19:21 +0100, Phil Winterfield (winterfi) wrote: 
> Ian- 
> 
> I have taken your advice and created a generic template using
> vm-create, but for some reason it doesn't like the kernel path, even
> though it is clearly accessible - see below.  Any ideas?

Some security stuff got added to xapi recently which requires that the
guest kernel and ramdisk be under "/boot/guest/". I'm not really sure
why -- I think it's because with RBAC non root users with the VM admin
role can set PV-kernel/PV-initrd/etc (imagine setting PV-initrd
to /etc/shadow) but I'm not sure why restricting to just /boot wasn't
sufficiently secure.

If you move (or symlink) your stuff to /boot/guest and
use /boot/guest/ios/i86bi_etcetc I think things should work.

Ian.

> 
> Phil
> 
> 
> [root@xenserver-wvgdltag ~]# xe vm-create name-label=IOSonXen 
> name-description="Paravirtualized IOS on Xen"
> 5c56afe3-a729-bcaa-a543-d87987167a3d
> [root@xenserver-wvgdltag ~]# xe vm-param-set 
> uuid=5c56afe3-a729-bcaa-a543-d87987167a3d \
> > PV-kernel='/boot/ios/i86bi_xen-ipbase-ms' \
> > PV-args= \
> > PV-bootloader= \
> > PV-bootloader-args= \
> > memory-static-min=2048 \
> > VCPUs-at-startup=1 \
> > other-config:pause=1 \
> > other-config:disable_pv_vnc=1
> [root@xenserver-wvgdltag ~]# xe vm-start 
> uuid=5c56afe3-a729-bcaa-a543-d87987167a3d
> Caller not allowed to perform this operation.
> message: illegal kernel path /boot/ios/i86bi_xen-ipbase-ms
> [root@xenserver-wvgdltag ~]# ls -l /boot/ios/i86bi_xen-ipbase-ms
> -rwxr-xr-x 1 root root 61649099 Mar 23 13:37 /boot/ios/i86bi_xen-ipbase-ms
> [root@xenserver-wvgdltag ~]#
> 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
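
The path restriction described in the reply above, sketched as a pre-flight check to run before `xe vm-param-set` (an added example, not xapi's code and not part of the original thread). It assumes the rule is "the lexically normalised path must name a file below /boot/guest/"; the function names are hypothetical.

```sh
#!/bin/sh
# Added illustration, not xapi's code. Assumption: a PV-kernel / PV-ramdisk
# value is accepted only if it names a file below /boot/guest/.
GUEST_BOOT_DIR="/boot/guest"

# Lexically collapse "//", "." and ".." in a path. Symlinks are not
# resolved here; whether xapi resolves them is not stated in the thread.
# Runs in a subshell so the IFS and globbing changes do not leak.
normalise_path() (
    out=""
    IFS=/
    set -f
    for part in $1; do
        case "$part" in
            ''|.) ;;
            ..)   out="${out%/*}" ;;
            *)    out="$out/$part" ;;
        esac
    done
    printf '%s\n' "${out:-/}"
)

# Succeeds only for an absolute path that, once normalised, is a file
# name below GUEST_BOOT_DIR. A plain prefix match would wrongly accept
# /boot/guestX/... and /boot/guest/../../etc/shadow.
pv_path_allowed() {
    case "$1" in /*) ;; *) return 1 ;; esac
    case "$(normalise_path "$1")" in
        "$GUEST_BOOT_DIR"/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# For a rejected path under /boot/, print where to move or symlink it.
pv_path_suggest() {
    norm=$(normalise_path "$1")
    case "$norm" in
        /boot/?*) printf '%s\n' "$GUEST_BOOT_DIR/${norm#/boot/}" ;;
        *) return 1 ;;
    esac
}

# Constructed sample values; the first is the path from the session above.
for p in /boot/ios/i86bi_xen-ipbase-ms /boot/guest/ios/i86bi_xen-ipbase-ms \
         /etc/shadow /boot/guest/../../etc/shadow; do
    if pv_path_allowed "$p"; then echo "ok      $p"
    else echo "illegal $p $(pv_path_suggest "$p" || true)"; fi
done
```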


 

