Re: [PATCH] tools/libs/light: don't allow to stop Xenstore stubdom

[Jürgen Groß <jgross@xxxxxxxx>]

On 06.02.24 14:08, Andrew Cooper wrote:
> On 06/02/2024 12:43 pm, Juergen Gross wrote:
> > A Xenstore stubdom should never be stoppable.
> >
> > Reject attempts to do so.
> >
> > Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
> I don't think this is a clever idea.  `xl destroy` is also the "please
> clean up my system when it's in a very dead state" command, and that
> also includes a dead xenstored stubdom.
I don't think xl destroy for a dead Xenstore stubdom will ever work.
xl destroy tries to read (and delete) Xenstore entries, after all.

I think you'd need a program using libxenctrl without all the xl/libxl
actions for achieving this goal. And this would work with my current
patch, too.

> If you're looking for some protection, then maybe a `--force` flag to
> override, but there must be some way of getting this to run.
A system without Xenstore is probably quite useless anyway. At least today
there is no way a new Xenstore would be able to connect to existing domains.

OTOH I'm inclined to add more hooks, e.g. for "xl pause" and "xl migrate".

And I do think that libxl is the right level for that, as I don't want users
to be able to kill/pause/migrate Xenstore stubdom via libvirt either.


Juergen