
[Xen-devel] xl command autocompletion: domain names


I'm looking at implementing bash command autocompletion for xl (at
least for Debian to begin with as that's what I'm familiar with, and
then looking at getting it into other distros). One component that
needs to be created for this is a function that enumerates all the
current running domains by name.

Obviously I can't use `xl list` because that requires escalated
privileges. One gross solution would be to make a small setuid wrapper
that just reads the domain names out of xenstore, but I think there is
a better solution:

By setting the process title (i.e. what shows up in `ps` output - sshd
does this to show the privileged and non-privileged separated
processes), we can make each xl daemon show the domain it is running
for. Using a title like 'xl: domain for "<dom name>" (<dom id>)', the
completion script can just execute `ps`, and grep/sed/awk/whatever out
the domain names for bash.

Setting the process title is done by setproctitle() on BSDs, and on
Linux it's implemented by overwriting the process name given at
argv[0]. (In practice, it's done by creating a compat version of
setproctitle() if it's not provided by the system, and then using
whatever OS-dependent method one should be using inside of that.
openssl, nginx, util-linux, sendmail etc. have existing
implementations to base off of.)

I don't think this violates any 'soft' privilege boundary as existing
qemu DMs already show the domain name they are running for in their
command lines, visible to normal users with `ps`.

It should also be a reasonable solution technically - one nice side
effect of this method is that only domains created by xl will be
autocompleted; ones from other toolstacks won't, which makes sense.

Thoughts? Does setting process titles in xl daemons seem like the way to go?

- Matthew
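
An added example (not code from the original post or from xl) of the `ps`-parsing helper such a completion script would need. Any local user can set their own process title, so it only trusts root-owned processes and only accepts names from a conservative character set. The function names, the root-ownership check and the allowed character set are assumptions; the title format is the one proposed in the post.

```shell
# Added example; function names and sample data are hypothetical.
# Title format taken from the post: xl: domain for "<dom name>" (<dom id>)
# Assumption: genuine xl daemons run as root, so titles owned by any
# other user are treated as untrusted and ignored.

xl_domains_from_ps() {
    # stdin: "<user> <args>" lines, as printed by: ps -e -o user= -o args=
    awk '
        $1 != "root" { next }              # title set by an unprivileged process
        {
            sub(/^ *[^ ]+ +/, "")          # drop the user column, keep the title
            sub(/[ \t]+$/, "")             # titles are often padded on Linux
            # Anchor the whole title and allowlist the name characters
            # (the allowlist is an assumption of this example).
            if (match($0, /^xl: domain for "[A-Za-z0-9_.:+-]+" \([0-9]+\)$/)) {
                name = $0
                sub(/^xl: domain for "/, "", name)
                sub(/" \([0-9]+\)$/, "", name)
                print name
            }
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample of ps output, not captured from a real host.
sample_ps() {
    cat <<'EOF'
root     xl: domain for "web01" (3)
root     xl: domain for "db-primary" (7)   
mallory  xl: domain for "fake-guest" (99)
root     xl: domain for "odd name;x" (4)
root     /usr/sbin/sshd -D
alice    grep xl: domain for "web01" (3)
EOF
}

# Stand-alone run: prints db-primary and web01, one per line.
sample_ps | xl_domains_from_ps
```

On a live system the input would come from `ps -e -o user= -o args=`. The allowlist matters because bash expands each word handed to `compgen -W`, so a name containing shell metacharacters must never reach the completion word list.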
