Re: [Xen-devel] protecting xen startup
On Tue, Nov 23, 2004 at 06:07:52PM +0000, Mark Williamson wrote:
> >i notice that there's a management interface on port 8000.
>
> There are currently two HTTP-based management interfaces. One of them is
> the Xensv web interface, the other is the Xend HTTP-based API, which is
> used by both the command line xm tool and Xensv to issue commands to Xend.
>
> >i seek to protect this interface such that nothing but a trusted program
> >(think selinux) may run, manage, start up or shut down xen oses.
>
> Currently, anyone who can access Xend's port can issue management
> commands. Xend can optionally be configured to only accept connections
> from localhost, in which case only local users will be able to issue
> commands to it.

okay. is there anything preventing that interface from being removed, such
that the client/server bit is munged into a single application?

> >is the port 8000 stuff just providing a web server (/etc/init.d/xend)
> >front-end to some extra system calls?
>
> Not exactly. At the Linux level, there aren't any extra Xen system calls.
> Most commands are issued to Xen by performing ioctls on the
> /proc/xen/privcmd file.

GREAT. that means that it will be possible to lock down at the very least
the access to /proc/xen and later, should it prove worthwhile, to protect
each ioctl with a new selinux security id per ioctl command.

> The commands which are issued through this file
> are largely transparent to XenLinux however, having meaning only when they
> are parsed by Xen.

... that kinda goes without saying :)

> >is the port 8000 stuff actually running in the xen boot-up stuff?
>
> Xend starts its HTTP interface when it starts up and will do anything the
> HTTP interface tells it to do. If Xend isn't running then the HTTP
> interface is not accessible (but you can't do a lot without Xend).

... but there's nothing to prevent the merging of the xend and the xm
programs, bypassing the use of HTTP, right?

ta,
l.
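The exchange above makes one practical point: whoever can reach the Xend HTTP port can issue management commands, so the first thing to verify on a host is whether that port is bound only to localhost. The check below is an added example, not code from this thread or from the Xen project. It parses the kernel's /proc/net/tcp table (IPv4 only; /proc/net/tcp6 is not handled) and reports whether anything is listening on port 8000 on a non-loopback address. The port number comes from the thread; the sample table lines are constructed for the example and the function and variable names are my own.

```python
import socket
import struct

XEND_PORT = 8000          # Xend HTTP interface port named in the thread
TCP_LISTEN = "0A"         # st column value for LISTEN in /proc/net/tcp


def decode_addr(hexaddr):
    """Turn a /proc/net/tcp 'AABBCCDD:PPPP' field into (dotted_ip, port).

    The kernel writes the IPv4 address as one little-endian 32-bit hex word,
    so 0100007F is 127.0.0.1; the port is plain big-endian hex.
    """
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners(lines, port=XEND_PORT):
    """Return the local IPs of every LISTEN socket on `port`."""
    found = []
    for line in lines:
        fields = line.split()
        # skip the header row and anything that is not an 'N:' entry
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        ip, p = decode_addr(fields[1])
        if fields[3] == TCP_LISTEN and p == port:
            found.append(ip)
    return found


def exposure(lines, port=XEND_PORT):
    """Classify the management port: not-listening, localhost-only, exposed.

    A wildcard bind (0.0.0.0) or any non-loopback address counts as exposed,
    even if a loopback listener is also present.
    """
    ips = listeners(lines, port)
    if not ips:
        return "not-listening"
    if all(ip.startswith("127.") for ip in ips):
        return "localhost-only"
    return "exposed"


def check_live(path="/proc/net/tcp"):
    """Run the check against the running kernel's socket table."""
    with open(path) as f:
        return exposure(f.read().splitlines())


# Constructed sample tables (not captured from a real host).
# Column layout follows /proc/net/tcp; only local_address and st matter here.
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode"

SAMPLE_EXPOSED = [
    HEADER,
    "   0: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0",
    "   1: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0",
]

SAMPLE_LOCAL = [
    HEADER,
    "   0: 0100007F:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0",
    "   1: 0100007F:1F40 0100007F:C3A1 01 00000000:00000000 00:00000000 00000000     0        0 12347 1 0",
]

if __name__ == "__main__":
    print("constructed exposed table:", exposure(SAMPLE_EXPOSED))
    print("constructed local table:  ", exposure(SAMPLE_LOCAL))
```

The second line of SAMPLE_LOCAL is an ESTABLISHED connection (st 01) to the same port and is deliberately ignored; only LISTEN sockets say where new clients can connect from. Run check_live() on a host to test the real table; a result of "exposed" means the localhost-only configuration Mark describes is not in effect, or a second listener has been bound.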
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel