[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves

To: Keir Fraser <keir@xxxxxxx>
From: Vincent Hanquez <vincent.hanquez@xxxxxxxxxxxxx>
Date: Tue, 9 Aug 2011 13:33:21 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 09 Aug 2011 05:27:03 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

On 08/09/2011 12:31 PM, Keir Fraser wrote:

Do you have any examples of projects which could run with much lesser
privilege, and very constrained xenstore access, if a suitably controlled
xenstore interface was provided?


There's a bunch of program that doesn't need much more than read/write to a 
specific limited part of xenstore.

- Guest agents (reporting stats usually)
- things listening to some actions (snapshot yourself, export some storage 
thing, etc..)

Perhaps a variant of the restrict packet would be enough to drop some privileges
of the xenbus connection (at connection time) to read/write to a specific path.

--
Vincent

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves
  - From: Keir Fraser

Prev by Date: [Xen-devel] Re: [linux bisection] complete test-amd64-i386-win-vcpus1
Next by Date: [Xen-devel] Re: [PATCH] xen: modify kernel mappings corresponding to granted pages
Previous by thread: Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves
Next by thread: Re: [Xen-devel] [PATCH] xenstored: allow guests to reintroduce themselves
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.