[Pkg-xen-devel] Bug#686778: Bug#686778: xcp-xapi: what user should xapi run as
Mike McClurg
mike.mcclurg at gmail.com
Wed Sep 5 16:40:35 UTC 2012
On Wed, Sep 5, 2012 at 6:32 PM, Ritesh Raj Sarraf <rrs at debian.org> wrote:
> Package: xcp-xapi
> Version: 1.3.2-11
> Severity: normal
>
> We need to have a separate user/group privilege for xapi and its dependent processes. At the moment, everything runs as root
Unfortunately, with the way xapi is currently architected, we can't
run it as a non-privileged user. Xapi itself makes calls to xenstore
and to the hypervisor in too many places to split those bits out. In
upstream xapi, we're working on splitting xapi into a few different
daemons. When we finish this, we can package it for Debian such that
only the daemon that makes xenstore calls and hypercalls is run as
root.
Because I think that it is impossible to patch 1.3.2 such that it can
be run by a non-root user, I think that we should mark this bug as
invalid. Do you agree?
Mike
More information about the Pkg-xen-devel
mailing list