Re: RE: [Xen-devel] [PATCH] xen-2.0: privileged port connections



Hi Ian,

On Wed, Mar 23, 2005 at 05:43:22PM -0000, Ian Pratt wrote:
> > I chose 732 because it's unassigned indeed.
> 
> Grabbing any port <1024 should do, there's no need to just go for 732,
> but have a series of ports that are tried. 

You did not read the patch :-)
xm tries all ports from 732 -- 1023 before it gives up and just uses
a random one.

> > If you have a patch, I'd volunteer to review :-)
> 
> For Xen 2.x, unix domain sockets would be too much of a pain to
> implement over Twisted. Kurt's approach gets us closer toward 'secure by
> default'.
> 
> Xen 3 will be very different.

I have no clear picture yet of the control tools that we'll have in 
Xen 3. If we're still heading for release in summer, we should make
some progress with redesigning if we really want to get rid of twisted.
Looking into it for just a few hours, I'm not so unhappy with twisted,
actually.

> > Before I start working on getting the consoles under control, I 
> > wanted to see whether this approach is acceptable at all.
> 
> I think it's a good band-aid.
> 
> Perhaps a better way to handle consoles would be to use 'screend', and
> then have incoming ssh connections dispatched to particular screen
> sessions.

screen is what is commonly used to handle many (mostly serial) consoles
these days, so hooking into that is certainly something most sysadmins
would consider a natural choice.

> > > 5) you still have to deal with xfrd
> > 
> > It seems to listen on *:8002 ... 
> > Is there no authentication either? Sigh.
> > 
> > And we probably need to look into the event channel (8001) as well.
> 
> Xfrd needs an option to listen only on localhost. (It's still needed for
> save/restore even if you don't use migrate).

We could just pass it an option during startup.

> The event channel only ever needs to be localhost (and could probably be
> turned into a unix domain socket quite easily).

Sounds good. Let's do it.

Regards,
-- 
Kurt Garloff                   <kurt@xxxxxxxxxx>             [Koeln, DE]
Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
Linux: SUSE Labs (Director)    <garloff@xxxxxxx>            [Novell Inc]

Attachment: pgpsJeJUu64_1.pgp
Description: PGP signature
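The reserved-port scheme the thread discusses, as an added illustration that is not the patch under review and not xm's own code: the client tries to bind its socket to each port from 732 up to 1023 before falling back to a kernel-chosen ephemeral port, and the server accepts the connection as coming from root only if the source port is below 1024. The function names, the loopback-only policy in `peer_is_local_root`, and the two `demo_*` self-checks (which use an unprivileged port range so they run as any user) are assumptions of this example; the server-side caveat they encode is the one raised about xfrd listening on `*:8002`: a reserved source port only proves root on the connecting host, so the daemon must also require that the peer is local.

```python
"""Reserved-port control connection: client-side port search and the
server-side check that goes with it. Added example, not Xen code."""
import errno
import socket

PRIVILEGED_MAX = 1023   # ports 1..1023 need root (or CAP_NET_BIND_SERVICE) to bind
SEARCH_START = 732      # first port the patch tries; unassigned by IANA at the time
LOOPBACK = "127.0.0.1"


def bind_first_free(sock, lo=SEARCH_START, hi=PRIVILEGED_MAX, host=LOOPBACK):
    """Bind sock to host:port, trying lo..hi (inclusive) in order.

    Returns the port that was bound, or None if every port is in use or the
    process is not allowed to bind in the reserved range.
    """
    for port in range(lo, hi + 1):
        try:
            sock.bind((host, port))
            return port
        except PermissionError:
            # EACCES: not root. No port below 1024 will work, so stop early
            # instead of probing the remaining ~290 ports.
            return None
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                continue  # busy (listener, or a connection in TIME_WAIT): next one
            raise
    return None


def connect_from_reserved_port(server_addr):
    """Client side. Connect to server_addr from a reserved source port when
    possible; otherwise fall back to an ephemeral port, as xm does once
    732..1023 are exhausted. Returns (socket, local_port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if bind_first_free(sock) is None:
        sock.bind((LOOPBACK, 0))  # kernel picks a port >= 1024; server treats us as non-root
    sock.connect(server_addr)
    return sock, sock.getsockname()[1]


def peer_is_local_root(peer):
    """Server side. A reserved source port proves 'root' only on the host the
    connection came from, so also insist the peer is loopback (assumed policy;
    a daemon bound to *:port would otherwise trust any remote root)."""
    host, port = peer[0], peer[1]
    return host == LOOPBACK and 1 <= port <= PRIVILEGED_MAX


def demo_skip_busy_port():
    """Constructed check in the unprivileged range: occupy one port, then show
    the sequential search skips it and binds the next free one."""
    busy = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    busy.bind((LOOPBACK, 0))
    busy.listen(1)
    busy_port = busy.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        chosen = bind_first_free(probe, busy_port, busy_port + 8)
    finally:
        probe.close()
        busy.close()
    return busy_port, chosen


def demo_reserved_port_attempt():
    """Try the real 732..1023 range: a port number as root, None otherwise."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        return bind_first_free(sock)
    finally:
        sock.close()


if __name__ == "__main__":
    print("busy/chosen:", demo_skip_busy_port())
    print("reserved port as this user:", demo_reserved_port_attempt())
    print("accept 127.0.0.1:733 ->", peer_is_local_root((LOOPBACK, 733)))
    print("accept 192.0.2.1:733 ->", peer_is_local_root(("192.0.2.1", 733)))
```

Two things worth knowing when using this pattern: the client must not set `SO_REUSEADDR` on the probing socket, or a port in `TIME_WAIT` from a previous control connection could be reused and a wrong `EADDRINUSE` skip turns into a silent rebind; and on Linux the reserved range boundary is a sysctl (`net.ipv4.ip_unprivileged_port_start`), so the "port < 1024 means root" assumption holds only on hosts where that has not been lowered.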


 

