[Pkg-xen-devel] Bug#727100: Bug#727100: domain doesn't reboot with xl toolstack

Ian Campbell ijc at hellion.org.uk
Tue Oct 22 11:14:41 UTC 2013


On Tue, 2013-10-22 at 12:49 +0200, PÁSZTOR György wrote:
> Hi,
> 
> "Ian Campbell" <ijc at hellion.org.uk> wrote at 2013-10-22 11:17:
> > On Tue, 2013-10-22 at 11:52 +0200, PASZTOR Gyorgy wrote:
> > > When you use xl toolstack, you can't reboot domUs.
> > > When you switch back to xm toolstack, then reboot works again.
> > > I think the problem with the debian packaged version is the same as in
> > > this thread:
> > > http://lists.xen.org/archives/html/xen-devel/2011-09/msg01289.html
> > > I also think it's a security issue, since this is kind of a DoS from
> > > the viewpoint of a domU.
> > 
> > The only people who can migrate a domain in any sensible deployment
> > would be host administrator or maybe the VM admin. So there is no
> > security aspect since they are already more than privileged enough to simply
> > destroy the domain if they wanted.
> 
> I didn't mention migrate, I wrote about reboot.

The thread you linked to was solely about an issue which arises after a
migration. It sounds like you have a different problem.

> However if the domU's admin doesn't have host admin rights, just wants to
> reboot, then it'll fail, and his machine will remain shut down, until host
> admin starts it again... What is this, if not a denial of a service?

It is a bug. A bug does not become security critical if only someone who
can already run "rm -rf /" (or "service apache stop" or ...) can trigger
it.

> PS.: I understand that 4.1/xl is just 'try and use if works' in Debian 7.0,
> but if your patch works, I don't see a reason, why it couldn't be applied, and
> pushed through proposed-updates, and if a wider userbase tested it, it
> could be incorporated into the next point release of Wheezy.

It sounds like the patch is not relevant to your problem anyway, since
as I said it is relevant only after a migration or save/restore.

Ian.


