[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration
On Tue, Sep 30, 2008 at 05:46:04PM +0100, Keir Fraser wrote: > On 30/9/08 17:35, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote: > > >> Duplicating this pair of nodes sounds fine to me, *but* then libvirt is > >> simply remaining vulnerable to the kind of attack we're are looking to > >> avoid? Can any good really come from keeping the old locations? > > > > Given that this is security sensitive, I have no objection to updating > > libvirt to read from the new locations. The only thing I need to work > > out is a reliable way to choose when to use the new location, vs the > > looking at old location (for compat with existing deployments). > > That's an interesting question. Obviously you don't want to race their > creation and go down the unsafe path unnecessarily. > > We could add a node to xenstore, or append version/feature info to the pid > file? Do you have a preference? I think its probably best to have explicit "feature" info written into somewhere in xenstore to indicate that the new layout is in use - "version" info would get too confusing when we inevitably have to backport this stuff. To avoid a race condition we'd not want it in the per-VM areas. It'd want to be a global feature flag we can probe once when libvirt connects, rather than probing per guest. I notice there's a /tool area that's unused # xenstore-ls /tool xenstored = "" Could put a little feature flag node there perhaps ? Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |