On 18/01/17 19:26, Stefano Stabellini wrote:
> On Wed, 18 Jan 2017, Juergen Gross wrote:
>> On 18/01/17 12:03, Wei Liu wrote:
>>> On Mon, Jan 16, 2017 at 05:47:15PM +0100, Juergen Gross wrote:
On 07/12/16 08:44, Juergen Gross wrote:
> Hi,
>
> today the XS_RESTRICT wire command of X
On Wed, 18 Jan 2017, Juergen Gross wrote:
> On 18/01/17 12:03, Wei Liu wrote:
> > On Mon, Jan 16, 2017 at 05:47:15PM +0100, Juergen Gross wrote:
> >> On 07/12/16 08:44, Juergen Gross wrote:
> >>> Hi,
> >>>
> >>> today the XS_RESTRICT wire command of Xenstore is supported by
> >>> oxenstored only to
On Wed, Jan 18, 2017 at 01:42:01PM +0100, Juergen Gross wrote:
> On 18/01/17 13:39, George Dunlap wrote:
> > On 18/01/17 12:37, Andrew Cooper wrote:
> >> On 18/01/17 12:08, Juergen Gross wrote:
> >>> On 18/01/17 12:39, Wei Liu wrote:
> On Wed, Jan 18, 2017 at 12:21:48PM +0100, Juergen Gross wr
On 18/01/17 13:39, George Dunlap wrote:
> On 18/01/17 12:37, Andrew Cooper wrote:
>> On 18/01/17 12:08, Juergen Gross wrote:
>>> On 18/01/17 12:39, Wei Liu wrote:
On Wed, Jan 18, 2017 at 12:21:48PM +0100, Juergen Gross wrote:
> On 18/01/17 12:03, Wei Liu wrote:
>> On Mon, Jan 16, 2017
On 18/01/17 12:37, Andrew Cooper wrote:
> On 18/01/17 12:08, Juergen Gross wrote:
>> On 18/01/17 12:39, Wei Liu wrote:
>>> On Wed, Jan 18, 2017 at 12:21:48PM +0100, Juergen Gross wrote:
On 18/01/17 12:03, Wei Liu wrote:
> On Mon, Jan 16, 2017 at 05:47:15PM +0100, Juergen Gross wrote:
>
On 18/01/17 12:08, Juergen Gross wrote:
> On 18/01/17 12:39, Wei Liu wrote:
>> On Wed, Jan 18, 2017 at 12:21:48PM +0100, Juergen Gross wrote:
>>> On 18/01/17 12:03, Wei Liu wrote:
On Mon, Jan 16, 2017 at 05:47:15PM +0100, Juergen Gross wrote:
> On 07/12/16 08:44, Juergen Gross wrote:
>
On 18/01/17 12:39, Wei Liu wrote:
> On Wed, Jan 18, 2017 at 12:21:48PM +0100, Juergen Gross wrote:
>> On 18/01/17 12:03, Wei Liu wrote:
>>> On Mon, Jan 16, 2017 at 05:47:15PM +0100, Juergen Gross wrote:
On 07/12/16 08:44, Juergen Gross wrote:
> Hi,
>
> today the XS_RESTRICT wire co
On Wed, Jan 18, 2017 at 12:21:48PM +0100, Juergen Gross wrote:
> On 18/01/17 12:03, Wei Liu wrote:
> > On Mon, Jan 16, 2017 at 05:47:15PM +0100, Juergen Gross wrote:
> >> On 07/12/16 08:44, Juergen Gross wrote:
> >>> Hi,
> >>>
> >>> today the XS_RESTRICT wire command of Xenstore is supported by
> >
On 18/01/17 12:03, Wei Liu wrote:
> On Mon, Jan 16, 2017 at 05:47:15PM +0100, Juergen Gross wrote:
>> On 07/12/16 08:44, Juergen Gross wrote:
>>> Hi,
>>>
>>> today the XS_RESTRICT wire command of Xenstore is supported by
>>> oxenstored only to drop the privilege of a connection to that of the
>>> d
On Mon, Jan 16, 2017 at 05:47:15PM +0100, Juergen Gross wrote:
> On 07/12/16 08:44, Juergen Gross wrote:
> > Hi,
> >
> > today the XS_RESTRICT wire command of Xenstore is supported by
> > oxenstored only to drop the privilege of a connection to that of the
> > domid given as a parameter to the com
On 07/12/16 08:44, Juergen Gross wrote:
> Hi,
>
> today the XS_RESTRICT wire command of Xenstore is supported by
> oxenstored only to drop the privilege of a connection to that of the
> domid given as a parameter to the command.
>
> Using this mechanism with Xenstore running in a stubdom will lea
On 04/01/17 16:21, Wei Liu wrote:
> On Wed, Jan 04, 2017 at 04:05:03PM +0100, Juergen Gross wrote:
>> On 04/01/17 15:59, Wei Liu wrote:
>>> On Wed, Dec 07, 2016 at 08:44:31AM +0100, Juergen Gross wrote:
Hi,
today the XS_RESTRICT wire command of Xenstore is supported by
oxenstore
On 04/01/17 17:54, Ian Jackson wrote:
> Juergen Gross writes ("Re: Xenstore domains and XS_RESTRICT"):
>> Rejecting XS_RESTRICT for a non-socket connection is mandatory to
>> ensure a XS_RESTRICT user on an old kernel not knowing about it can't
>> drop the privilege of all other users on that syst
Juergen Gross writes ("Re: Xenstore domains and XS_RESTRICT"):
> Rejecting XS_RESTRICT for a non-socket connection is mandatory to
> ensure a XS_RESTRICT user on an old kernel not knowing about it can't
> drop the privilege of all other users on that system, too.
Kernels need to proxy all command
On Wed, Jan 04, 2017 at 04:05:03PM +0100, Juergen Gross wrote:
> On 04/01/17 15:59, Wei Liu wrote:
> > On Wed, Dec 07, 2016 at 08:44:31AM +0100, Juergen Gross wrote:
> >> Hi,
> >>
> >> today the XS_RESTRICT wire command of Xenstore is supported by
> >> oxenstored only to drop the privilege of a con
On 04/01/17 15:59, Wei Liu wrote:
> On Wed, Dec 07, 2016 at 08:44:31AM +0100, Juergen Gross wrote:
>> Hi,
>>
>> today the XS_RESTRICT wire command of Xenstore is supported by
>> oxenstored only to drop the privilege of a connection to that of the
>> domid given as a parameter to the command.
>>
>>
On Wed, Dec 07, 2016 at 08:44:31AM +0100, Juergen Gross wrote:
> Hi,
>
> today the XS_RESTRICT wire command of Xenstore is supported by
> oxenstored only to drop the privilege of a connection to that of the
> domid given as a parameter to the command.
>
> Using this mechanism with Xenstore runnin
On 08/12/16 08:55, Juergen Gross wrote:
> On 07/12/16 18:10, Ian Jackson wrote:
>> Juergen Gross writes ("Xenstore domains and XS_RESTRICT"):
>>> In order to solve the problem I suggest the following change to the
>>> Xenstore wire protocol:
>>>
>>> struct xsd_sockmsg
>>> {
>>> -uint32_t type
On 07/12/16 18:10, Ian Jackson wrote:
> Juergen Gross writes ("Xenstore domains and XS_RESTRICT"):
>> In order to solve the problem I suggest the following change to the
>> Xenstore wire protocol:
>>
>> struct xsd_sockmsg
>> {
>> -uint32_t type; /* XS_??? */
>> +uint16_t type; /* XS_???
On 07/12/16 18:00, Ian Jackson wrote:
> Konrad Rzeszutek Wilk writes ("Re: Xenstore domains and XS_RESTRICT"):
>> On Wed, Dec 07, 2016 at 03:26:38PM +0100, Juergen Gross wrote:
>>> There is no socket connection to xenstore domain.
>>
>> Right but it creates its own XenStore ring. Can it send this x
Juergen Gross writes ("Xenstore domains and XS_RESTRICT"):
> In order to solve the problem I suggest the following change to the
> Xenstore wire protocol:
>
> struct xsd_sockmsg
> {
> -uint32_t type; /* XS_??? */
> +uint16_t type; /* XS_??? */
> +uint16_t domid; /* Use privileges o
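Review bot: splitting the 32-bit `type` into `uint16_t type` plus `uint16_t domid` makes the meaning of the header depend on byte order for any sender that still writes a 32-bit `type`. On little-endian such a sender implicitly sends `domid` as zero for small type values, while on big-endian the old type value would land in `domid`. The comment on `domid` should state what a zero value means for such senders and which byte order the layout assumes.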
Konrad Rzeszutek Wilk writes ("Re: Xenstore domains and XS_RESTRICT"):
> On Wed, Dec 07, 2016 at 03:26:38PM +0100, Juergen Gross wrote:
> > There is no socket connection to xenstore domain.
>
> Right but it creates its own XenStore ring. Can it send this xsd_sockmsg
> with domid_id of zero? Or are
On 07/12/16 16:40, Konrad Rzeszutek Wilk wrote:
> On Wed, Dec 07, 2016 at 03:26:38PM +0100, Juergen Gross wrote:
>> On 07/12/16 15:15, Konrad Rzeszutek Wilk wrote:
>>> On Wed, Dec 07, 2016 at 08:44:31AM +0100, Juergen Gross wrote:
Hi,
today the XS_RESTRICT wire command of Xenstore is
On Wed, Dec 07, 2016 at 03:26:38PM +0100, Juergen Gross wrote:
> On 07/12/16 15:15, Konrad Rzeszutek Wilk wrote:
> > On Wed, Dec 07, 2016 at 08:44:31AM +0100, Juergen Gross wrote:
> >> Hi,
> >>
> >> today the XS_RESTRICT wire command of Xenstore is supported by
> >> oxenstored only to drop the priv
On 07/12/16 15:15, Konrad Rzeszutek Wilk wrote:
> On Wed, Dec 07, 2016 at 08:44:31AM +0100, Juergen Gross wrote:
>> Hi,
>>
>> today the XS_RESTRICT wire command of Xenstore is supported by
>> oxenstored only to drop the privilege of a connection to that of the
>> domid given as a parameter to the c
On Wed, Dec 07, 2016 at 08:44:31AM +0100, Juergen Gross wrote:
> Hi,
>
> today the XS_RESTRICT wire command of Xenstore is supported by
> oxenstored only to drop the privilege of a connection to that of the
> domid given as a parameter to the command.
>
> Using this mechanism with Xenstore runnin
26 matches