Re: [Xen-devel] [PATCH] libxl: create backend/ xenstore dir for driver domains

[Ian Jackson <ian.jackson@xxxxxxxxxx>]

Marek Marczykowski-Górecki writes ("[PATCH] libxl: create backend/ xenstore dir 
for driver domains"):
> Cleaning up backend xenstore entries is a responsibility of the backend.
> When backend lives outside of dom0, the domain needs proper permissions
> to do it. Normally it is given permission to remove the device dir
> itself, but not the dir containing it (named after frontend ID). After a
> whole those empty leftover directories accumulate to the point xenstore
> returning E2BIG on listing them.
> 
> Fix this by giving backend domain write access also to backend/
> directory itself when c_info->driver_domain option is set. The code
> removing relevant dir is already there (just lacked permissions to do so).
> 
> Note this also allows the backend domain to create new entries,
> pretending to host backend devices it don't have. But since libxl uses
> /libxl/ xenstore dir for this information (still outside of backend
> domain control), this shouldn't be an issue.

This seems quite hazardous to me.  The reasoning you use to show that
this iws OK seems fragile, and in general it doesn't feel right to
give the particular backend such wide scope.

Can we find another way to address this problem ?  I think the
containing directory should be removed by the toolstack.  Why is this
difficult ?  (I presume there is a reason or you would have done it
that way...)

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel