Xen project Mailing List

Re: [Xen-devel] XSA-180 follow-up: repurpose xenconsoled for logging

To: George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>

Date: Tue, 21 Jun 2016 18:58:29 -0600

Cc: George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, David Vrabel <david.vrabel@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Wed, 22 Jun 2016 00:59:07 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 06/21/2016 09:53 AM, George Dunlap wrote: > On 21/06/16 16:11, Ian Jackson wrote: >> Wei Liu writes ("Re: XSA-180 follow-up: repurpose xenconsoled for logging"): >>> Here is what we have gathered so far: >> ... >>> We can, however, just make recommendation that system administrators can >>> easily set up and call it a day. There are suggestions that we can >>> recommend conserver or sympathy, but I haven't seen a concrete viable >>> proposal yet. What I hope is that we can have a document in tree in the >>> end. >> sympathy would need some extra engineering to become suitable. It's >> also not widely adopted. (Not even in Debian, yet. Sorry about that, >> but in my defence it's not my project...) >> >>> Another way is to invent our own "virtlogd" -- it could be a new daemon, >>> it could be xenconsoled. The major concern is that we're adding a >>> critical component to the system and it may not scale well. We can make >>> a compromise by using non-blocking fd to make the new component less >>> critical and doesn't hinder scalability. >> I think this is probably the best answer. We already have most of >> this in the form of xenconsoled. >> >>> Another way is to alter libxl API and ask the application to pass in a >>> fd for logging. The major concern is that this is not suitable in the >>> context of a security issue. >> Any solution needs to work for xl as well as other users of libxl. So >> this is not a description of a solution option; rather it is a >> proposal to move the functionality/glue/problem/whatever out of libxl >> into xl. > ...or libvirt, or xapi (should it ever be ported to libxl). > > I think that having the option to pass an fd in would be useful and will > probably be wanted at some point; I think libvirt for instance should > probably be modified to use such an interface once it's available to > connect qemu to virtlogd. It would be easy enough to do since the qemu driver is already doing this. Regards, Jim _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.