[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] xl command autocompletion: domain names

On Fri, Nov 1, 2013 at 4:03 AM, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> On Tue, 2013-10-29 at 11:29 +1300, Matthew Daley wrote:
>> On Tue, Oct 29, 2013 at 4:57 AM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> 
>> wrote:
>> > Matthew Daley writes ("xl command autocompletion: domain names"):
>> >> I'm looking at implementing bash command autocompletion for xl (at
>> >> least for Debian to begin with as that's what I'm familiar with, and
>> >> then looking at getting it into other distros). One component that
>> >> needs to be created for this is a function that enumerates all the
>> >> current running domains by name.
>> >>
>> >> Obviously I can't use `xl list` because that requires escalated
>> >> privileges. One gross solution would be to make a small setuid wrapper
>> >> that just reads the domain names out of xenstore, but I think there is
>> >> a better solution:
>> >
>> > But nothing else you can do with xl will work without those escalated
>> > privileges.  So I don't understand why you can't just punt if the user
>> > doesn't have the right privilege.
>> The use case I have in mind is the user using sudo, where the bash
>> completion script will run as the unprivileged shell user still.
> Is this not a common problem with completion vs. sudo? How is it
> normally dealt with?

I guess most autocompletions don't need to access information with a
different privilege level. Domain names don't seem like they should be
privileged information (that is, to a user that can already run `ps`
on the toolstack domain), they just de facto are right now.

> I don't necessarily object to setting the process title, it feels a bit
> 1980s/sendmail-ish to me but that might just be me ;-)

Can't say I have 80s UNIX experience ;)

> On the other hand maybe it is a useful thing to do, is it common(ish)
> practice for daemons to do that sort of thing these days? (The lack of a
> standardised interface seem to imply not terribly common...)

I thought that, apart from this immediate bash-completion use case, it
might be useful if an administrator ever needs to associate an xl
daemon process to the domain it's running on behalf of (ie. if you
wanted to check its resource use, kill it, ...). Admittedly this is
(and should be) a rare occurrence.

qemu-xen (not sure about traditional) gets its domain name passed in
on the command line already (--name), so it's not such a useful thing

> Ian.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.