
Re: [Xen-devel] Xen 4.4 development update: Feature freeze has started



On 12/11/13 11:09, Ian Campbell wrote:
> * xend still in tree (x)
>   - xl list -l on a dom0-only system
>   - xl list -l doesn't contain tty console port
>   - xl Alternate transport support for migration
> Are some of these (this one in particular) also covered separately
> elsewhere in the list?

Yes, this one is also here:

* xl migrate transport improvements
 owner: None
 > See discussion here: http://bugs.xenproject.org/xen/bug/19
 - Option to connect over a plain TCP socket rather than ssh
 - xl-migrate-receive suitable for running in inetd
 - option for above to redirect log output somewhere useful
 - Documentation for setting up alternate transports

However, after the discussion with Zhigang, I'm not sure this should really be a blocker for xend removal anymore. The putative reason for having ssl was because exchanging ssh keys was thought to be a security risk, allowing anyone on one host to log into any of the other hosts. However:

1) ssh keys can be limited so that they can only execute a specific command; so this can be dealt with by configuration

2) There are no permissions checks on resources for incoming domains; so given the ability to migrate to a host, you can get a shell on that host pretty handily anyway.

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
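
The key restriction mentioned in point 1 can be checked mechanically. The following is an added example, not code from the thread or from the Xen project: it audits an `authorized_keys` file for keys that are not pinned to one forced command. The expected command `xl migrate-receive` (assumed here to be what the sending side asks ssh to run) and the sample keys are assumptions constructed for illustration.

```python
import re

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-", "sk-")
# Options that each remove a capability a migration-only key does not need.
# "restrict" (OpenSSH 7.2+) implies all of them.
LOCKDOWN = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
EXPECTED = "xl migrate-receive"  # assumption: the command the migration key should run

def split_options(line):
    """Split an authorized_keys line into (options dict, rest), honouring quotes."""
    if line.startswith(KEY_TYPES):
        return {}, line  # no options field: the line starts with the key type
    opts, i = {}, 0
    while i < len(line) and not line[i].isspace():
        m = re.match(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?,?', line[i:])
        if not m:
            raise ValueError("unparseable options: " + line[:40])
        opts[m.group(1).lower()] = m.group(2) if m.group(2) is not None else True
        i += m.end()
    return opts, line[i:].strip()

def audit(text, expected_command=EXPECTED):
    """Return (line_no, finding) pairs for keys not pinned to expected_command."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        cmd = opts.get("command")
        if cmd is None:
            findings.append((no, "no forced command: key grants a full login"))
        elif cmd != expected_command:
            findings.append((no, "forced command is %r" % cmd))
        if "restrict" not in opts and not LOCKDOWN.issubset(opts):
            findings.append((no, "pty/forwarding not disabled"))
    return findings

# Constructed sample file; key blobs are placeholders, not real keys.
SAMPLE = '''\
# migration keys (constructed sample)
command="xl migrate-receive",restrict ssh-ed25519 AAAAexampleKey1 migrate@hostA
ssh-rsa AAAAexampleKey2 root@hostB
command="/bin/sh",no-pty ssh-ed25519 AAAAexampleKey3 migrate@hostC
'''

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print("line %d: %s" % (no, finding))
```

A clean audit only shows the key is limited to the migration command; it says nothing about what an incoming domain can do on the host, which is the subject of point 2.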
