 Home |
About |
Community |
Support |
Downloads |
xen-devel
Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to th
| To: | "Daniel P. Berrange" <berrange@xxxxxxxxxx> |
|---|---|
| Subject: | Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest |
| From: | Keir Fraser <keir.fraser@xxxxxxxxxxxxx> |
| Date: | Thu, 18 Dec 2008 17:53:49 +0000 |
| Cc: | xen-devel@xxxxxxxxxxxxxxxxxxx |
| Delivery-date: | Thu, 18 Dec 2008 09:53:58 -0800 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <20081218174951.GZ23277@xxxxxxxxxx> |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
| Thread-index: | AclhOZSLUDC1Veoldk6O5/dr823FDg== |
| Thread-topic: | [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest |
| User-agent: | Microsoft-Entourage/12.14.0.081024 |
On 18/12/2008 17:49, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote: >> However there are other places in xend that commit the same error, and this >> interface weakness would doubtless bite us again in future. Hence the patch >> I actually committed (c/s 18933) actually takes a different strategy: in the >> bowels of the xend xenstore C package I check to see if the caller is try to >> change permissions of the node owner, and if so I fudge in dom0 as the owner >> instead. A bit grim, but I think probably a safer bet in this instance. > > I think that looks correct to me. The easy way to test is to try and > write to '/local/domain/$DOMID/console/tty' from within the guest and > see if it succeeds or not Yes, I actually tested that, and it was no longer writeable. Same for a few susceptible nodes under /vm too. -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest, Daniel P. Berrange |
|---|---|
| Next by Date: | [Xen-devel] Fwd: [Xen-users] firewall domU, Thiago Camargo Martins Cordeiro |
| Previous by Thread: | Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest, Daniel P. Berrange |
| Next by Thread: | [Xen-devel] Fwd: [Xen-users] firewall domU, Thiago Camargo Martins Cordeiro |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
