[PATCH] add a PTY console; & use a UNIX domain socket for better security
Kashyap Chamarthy
kchamart at redhat.com
Wed Feb 20 07:16:45 UTC 2013
(Adding DanPB for his thoughts)
On 02/20/2013 05:47 AM, Chris Lalancette wrote:
> Hi there,
> A couple of comments.
>
> On Tue, Feb 19, 2013 at 1:58 PM, Kashyap Chamarthy <kchamart at redhat.com> wrote:
>
> A couple of small additions:
> - Add a PTY serial console, so that "virsh console foo" works out of the box
> (once the guest is installed).
>
>
> What's the benefit of doing it this way over using the <console> XML? I thought they
> would both enable the serial stuff, but maybe I'm wrong.
So, with the <console> attribute as below, 'virsh console foo' doesn't give you access via
'virsh console foo':
#-------------------------------------#
<console type="pty">
  <target port="0"/>
</console>
#-------------------------------------#
With the below snippet, access from 'virsh console' works just fine right after Oz
finishes guest install.
#-------------------------------------#
<serial type="pty">
  <target port="0"/>
</serial>
#-------------------------------------#
I tested this and it works just fine.
That's the snippet from oz-install tdl --
http://kashyapc.fedorapeople.org/virt/oz/oz-test-rhel63.txt
>
>
> - Use a UNIX domain socket server (for better security) as a character
> device instead of a TCP port.
>
>
> I'm not opposed to this in principle, though I think we probably need more work to make it
> work properly. In particular, I'm pretty sure "_wait_for_guest_boot" will have to be
> modified to listen over the unix domain socket instead of the listen_port (at which point
> we can remove the listen_port completely). You can test it out by running oz-install with
> -u or -g to do customization/icicle generation, respectively.
I'll investigate this further.
Thanks Chris.
>
> Thanks,
> Chris
--
/kashyap
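
The security point behind the UNIX domain socket proposal, as an added example that is not part of this thread or of Oz's code: a TCP port on 127.0.0.1 accepts connections from any local user, while a UNIX socket is gated by filesystem permissions. The function names, socket file name and announcement string are hypothetical, and the sketch assumes the tool is the listening side and the connecting process runs as the same user.

```python
import os, socket, stat, tempfile, threading

def open_private_listener():
    """Bind a UNIX stream socket that only the owning user can connect to."""
    sock_dir = tempfile.mkdtemp(prefix="guest-boot-")  # mkdtemp creates it 0700
    path = os.path.join(sock_dir, "announce.sock")     # hypothetical name
    old_umask = os.umask(0o177)  # socket file gets 0600; umask is process-wide
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv, path

def wait_for_announcement(srv, timeout=5.0, max_len=256):
    """Accept one connection and return its first line, bounded in time and size."""
    srv.settimeout(timeout)
    conn, _ = srv.accept()          # raises socket.timeout if nobody connects
    with conn:
        conn.settimeout(timeout)
        data = b""
        while not data.endswith(b"\n") and len(data) < max_len:
            chunk = conn.recv(max_len - len(data))
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", "replace").strip()

def demo():
    srv, path = open_private_listener()
    sock_mode = stat.S_IMODE(os.stat(path).st_mode)
    dir_mode = stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)
    def fake_guest():  # stands in for the hypervisor side of the serial device
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
            c.connect(path)
            c.sendall(b"guest-up 192.0.2.10\n")  # constructed message
    t = threading.Thread(target=fake_guest)
    t.start()
    msg = wait_for_announcement(srv)
    t.join()
    srv.close()
    os.unlink(path)
    os.rmdir(os.path.dirname(path))
    return sock_mode, dir_mode, msg

if __name__ == "__main__":
    print(demo())
```

If the hypervisor process runs under a different account than the listener, the 0600 socket mode has to be widened through group ownership of the directory and socket rather than by opening it to all users.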