[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration
Pascal Bouchareine writes ("Re: [Xen-devel] [PATCH] [Xend] Move some backend configuration"): > On Thu, Oct 02, 2008 at 10:49:34AM +0100, Keir Fraser wrote: > > An update on this: I solved this issue by fiddling permissions in xenstore > > after all! /local/domain/<domid> is now read-only to the guest, and specific > > subdirs only are writable (currently device, error and control). > > writing into device allows the guest to rewrite it's backend > location, this should be protected too i guess ? We will arrange for the backend location not to be trusted by anything important. In fact, it is entirely formulaic: if you know which domain the backend is supposed to be in, you can simply shuffle the path components. And you can double check against the backend's frontend path. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |