Re: [Xen-devel] bug in dom create script regarding xenstore permission?
 
- To: Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx>
 
- From: weiming <zephyr.zhao@xxxxxxxxx>
 
- Date: Tue, 14 Jul 2009 14:05:04 -0400
 
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
 
- Delivery-date: Tue, 14 Jul 2009 11:05:53 -0700
 
- List-id: Xen developer discussion <xen-devel.lists.xensource.com>
 
 
 
Hi Vincent,
  Thanks for letting me know.
  Is there any way to override this default behavior? I have a script in domU, which is supposed to post some info to xenstore after it boots up. Yes, I can manually grant permission after I create a guest domain, but I wish I could automate it.
 Thanks, Weiming
 
 
 On Tue, Jul 14, 2009 at 1:45 PM, Vincent Hanquez  <vincent.hanquez@xxxxxxxxxxxxx> wrote:
 weiming wrote: 
Hi, 
 
I upgraded from xen 3.2 to xen 3.4 and found that in 3.4, I can't write xenstore in domU. 
Then, I found that the owner of the /local/domain/<domid> is 0. 
That is: 
When I used xs_get_permissions to get the permission of "/local/domain/1", I got 
(0,0), (1,1)   (dom, perm) 
which implies that dom0 is the owner, and dom1 has read-only perm. 
 
In xen 3.2, it returns (1,0), which is correct. 
 
So I guess it might be a bug in the dom create scripts, but I can't find where. 
 
 
Hi weiming, 
 
It's not a bug. The behavior that you are seeing in 3.2 was a security issue. 3.4 got the issue fixed. 
 
Cheers, 
--  
Vincent 
  
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
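
The two permission lists quoted in this thread, evaluated for dom1, as an added example that is not part of the original messages and is not Xen's own code. It assumes the usual xenstore ACL rules (the first entry names the owner and the default for unlisted domains, the owner and dom0 have full access); the struct, function names and the third "granted" list are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Permission bits; 0 and 1 match the "perm" values printed in the thread. */
enum perm { PERM_NONE = 0, PERM_READ = 1, PERM_WRITE = 2 };

/* One (dom, perm) pair as printed in the thread. Local model, not libxenstore's type. */
struct acl_entry { unsigned int dom; int perm; };

/* Effective access of `dom` to a node with ACL acl[0..n-1].
 * Assumed rules: dom0 is privileged; acl[0].dom is the owner and gets full
 * access; a later entry naming `dom` applies; otherwise acl[0].perm is the
 * default for every domain not listed. */
int effective_perm(const struct acl_entry *acl, size_t n, unsigned int dom)
{
    if (n == 0)
        return PERM_NONE;
    if (dom == 0 || acl[0].dom == dom)
        return PERM_READ | PERM_WRITE;
    for (size_t i = 1; i < n; i++)
        if (acl[i].dom == dom)
            return acl[i].perm;
    return acl[0].perm;
}

int can_write(const struct acl_entry *acl, size_t n, unsigned int dom)
{
    return (effective_perm(acl, n, dom) & PERM_WRITE) != 0;
}

/* /local/domain/1 as reported for 3.2: (1,0), the guest owns its own subtree. */
const struct acl_entry acl_32[] = { {1, PERM_NONE} };
/* /local/domain/1 as reported for 3.4: (0,0), (1,1), dom0 owns, dom1 reads. */
const struct acl_entry acl_34[] = { {0, PERM_NONE}, {1, PERM_READ} };
/* Constructed: the 3.4 list after a manual read/write grant to dom1. */
const struct acl_entry acl_granted[] = { {0, PERM_NONE}, {1, PERM_READ | PERM_WRITE} };

int main(void)
{
    printf("3.2 list,  dom1 can write: %d\n", can_write(acl_32, 1, 1));
    printf("3.4 list,  dom1 can write: %d\n", can_write(acl_34, 2, 1));
    printf("3.4 list,  dom2 access:    %d\n", effective_perm(acl_34, 2, 2));
    printf("granted,   dom1 can write: %d\n", can_write(acl_granted, 2, 1));
    return 0;
}
```
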
 
 
    
     |