[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] ACL for DomUs



On Wednesday 02 May 2007 11:10:21 Steve Kemp wrote:
> > 2.) everytime a domain is created and its name is based on a wildcard
> > create a 'dummy' xen config file that only contains the resulting domain
> > name and the xen_shell attribute. e.g. for me that would be:
> >
> > /etc/xen/apache-1
> > name = "apache-1"
> > xen_shell = 'apacheadm'
>
>   That is the solution I'd propose since it fits your usage, and
>  requires no changes from me!

However this would mean that the user would not be able to start this machine, 
as it's config file is incomplete (only contains name and xen_shell). Only 
the superuser could start/create the machine using the 'real' config 
file 'apache'.

What would help here was an 'include' statement for the xen domain config:

'/etc/xen/apache' contains all the general setting needed for a domU instance 
and 'apache-1' contains the name and the user permission list for xen_shell.

e.g. in 'apache' you add include = 'apache-%d' %vmid so you could still create 
VMs with 'xm create apache vmid=1', keep all the general things in 'apache' 
config file and the user/xen_shell specific in the 'apache-1' 'apache-2' 
files.

Two other things related to this: why is there no command for pause/unpause a 
domain? Is it possible to pass parameters to the boot command?

Reinhard

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.