[PATCH] add a PTY console; & use a UNIX domain socket for better security

Kashyap Chamarthy kchamart at redhat.com
Wed Feb 20 07:16:45 UTC 2013


(Adding DanPB for his thoughts)

On 02/20/2013 05:47 AM, Chris Lalancette wrote:
> Hi there,
>      A couple of comments.
> 
> On Tue, Feb 19, 2013 at 1:58 PM, Kashyap Chamarthy <kchamart at redhat.com
> <mailto:kchamart at redhat.com>> wrote:
> 
>     A couple of small additions:
>         - Add a PTY serial console, so that "virsh console foo" works out of the box
>           (once the guest is installed).
> 
> 
> What's the benefit of doing it this way over using the <console> XML?  I thought they
> would both enable the serial stuff, but maybe I'm wrong.

So, with <console> attribute as below, 'virsh console foo' doesn't give you access via
'virsh console foo'
#-------------------------------------#
    <console type="pty">
      <target port="0"/>
    </console>
#-------------------------------------#

With the below snippet, access from 'virsh console' works just fine right after Oz
finishes guest install.
#-------------------------------------#
    <serial type="pty">
      <target port="0"/>
    </serial>
#-------------------------------------#

I tested this and it works just fine.

That's the snippet from oz-install tdl --
http://kashyapc.fedorapeople.org/virt/oz/oz-test-rhel63.txt


>  
> 
>         - Use a UNIX domain socket server (for better security) as a character
>           device instead of a TCP port.
> 
> 
> I'm not opposed to this in principle, though I think we probably need more work to make it
> work properly.  In particular, I'm pretty sure "_wait_for_guest_boot" will have to be
> modified to listen over the unix domain socket instead of the listen_port (at which point
> we can remove the listen_port completely).  You can test it out by running oz-install with
> -u or -g to do customization/icicle generation, respectively.

I'll investigate into this further.

Thanks Chris.

>  
> Thanks,
> Chris


-- 
/kashyap


More information about the cloud mailing list