[Libvir] [PATCH]Guard for Dom0 by virsh domain stop commands
Hi, I think Domain0 should NOT stop by virsh domain stop commands. (like shutdown, reboot, destroy). But virsh shudown and reboot commands are still available for Dom0. This patch intends to disable these two commands for Dom0. Internal processing of these two commands is following 1)Send shutdown or reboot to Xend (Guard of xend) 2)If 1) is failed, shutdown/reboot is executed by xenstore. (Not Guard) This patch removes 2) ,that is as same as destroy processing. Signed-off-by: Kazuki Mizushima <mizushima.kazuk@jp.fujitsu.com> Thanks, Kazuki Mizushima Index: xs_internal.c (libvirt-0.2.0) ---------------------------------------------------------------------- --- xs_internal.c 2007-02-15 01:11:54.000000000 +0900 +++ xs_internal.c.guard 2007-02-22 00:31:55.000000000 +0900 @@ -54,8 +54,8 @@ static virDriver xenStoreDriver = { xenStoreDomainLookupByName, /* domainLookupByName */ NULL, /* domainSuspend */ NULL, /* domainResume */ - xenStoreDomainShutdown, /* domainShutdown */ - xenStoreDomainReboot, /* domainReboot */ + NULL, /* domainShutdown */ + NULL, /* domainReboot */ NULL, /* domainDestroy */ xenStoreDomainGetOSType, /* domainGetOSType */ xenStoreDomainGetMaxMemory, /* domainGetMaxMemory */ ----------------------------------------------------------------------
On Thu, Feb 22, 2007 at 10:55:45AM +0900, Kazuki Mizushima wrote:
Hi,
I think Domain0 should NOT stop by virsh domain stop commands. (like shutdown, reboot, destroy). But virsh shudown and reboot commands are still available for Dom0. This patch intends to disable these two commands for Dom0.
Internal processing of these two commands is following 1)Send shutdown or reboot to Xend (Guard of xend) 2)If 1) is failed, shutdown/reboot is executed by xenstore. (Not Guard)
This patch removes 2) ,that is as same as destroy processing.
[...]
@@ -54,8 +54,8 @@ static virDriver xenStoreDriver = { xenStoreDomainLookupByName, /* domainLookupByName */ NULL, /* domainSuspend */ NULL, /* domainResume */ - xenStoreDomainShutdown, /* domainShutdown */ - xenStoreDomainReboot, /* domainReboot */ + NULL, /* domainShutdown */ + NULL, /* domainReboot */ NULL, /* domainDestroy */
The problem with that patch it that is also remove the possibility of falling back to the XenStore methode for other domains than Dommain0 . So IMHO that's too radical, could you rather make a patch which add the check in xenStoreDomainShutdown and xenStoreDomainReboot for domain 0 instead ? thanks, Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
Hi, Dan Thank you for your reply, I understand you. I remake the patch. Signed-off-by: Kazuki Mizushima <mizushima.kazuk@jp.fujitsu.com> Thanks Kazuki Mizushima Index: xs_internal.c (libvirt-0.2.0) ------------------------------------ --- xs_internal.c 2007-02-22 18:35:19.000000000 +0900 +++ xs_internal.c_guard2 2007-02-22 18:35:51.000000000 +0900 @@ -631,7 +631,7 @@ xenStoreDomainShutdown(virDomainPtr doma __FUNCTION__); return(-1); } - if (domain->id == -1) + if (domain->id == -1 || domain->id == 0) return(-1); /* * this is very hackish, the domU kernel probes for a special @@ -659,7 +659,7 @@ xenStoreDomainReboot(virDomainPtr domain __FUNCTION__); return(-1); } - if (domain->id == -1) + if (domain->id == -1 || domain->id == 0) return(-1); /* * this is very hackish, the domU kernel probes for a special --------------------------------------------------------- ----- Original Message ----- From: "Daniel Veillard" <veillard@redhat.com> To: "Kazuki Mizushima" <mizushima.kazuk@jp.fujitsu.com> Cc: <libvir-list@redhat.com> Sent: Thursday, February 22, 2007 3:53 PM Subject: Re: [Libvir] [PATCH]Guard for Dom0 by virsh domain stop commands On Thu, Feb 22, 2007 at 10:55:45AM +0900, Kazuki Mizushima wrote:
Hi,
I think Domain0 should NOT stop by virsh domain stop commands. (like shutdown, reboot, destroy). But virsh shudown and reboot commands are still available for Dom0. This patch intends to disable these two commands for Dom0.
Internal processing of these two commands is following 1)Send shutdown or reboot to Xend (Guard of xend) 2)If 1) is failed, shutdown/reboot is executed by xenstore. (Not Guard)
This patch removes 2) ,that is as same as destroy processing.
[...]
@@ -54,8 +54,8 @@ static virDriver xenStoreDriver = { xenStoreDomainLookupByName, /* domainLookupByName */ NULL, /* domainSuspend */ NULL, /* domainResume */ - xenStoreDomainShutdown, /* domainShutdown */ - xenStoreDomainReboot, /* domainReboot */ + NULL, /* domainShutdown */ + NULL, /* domainReboot */ NULL, /* domainDestroy */
The problem with that patch it that is also remove the possibility of falling back to the XenStore methode for other domains than Dommain0 . So IMHO that's too radical, could you rather make a patch which add the check in xenStoreDomainShutdown and xenStoreDomainReboot for domain 0 instead ? thanks, Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
On Thu, Feb 22, 2007 at 07:08:01PM +0900, Kazuki Mizushima wrote:
Hi, Dan
Thank you for your reply, I understand you. I remake the patch.
Signed-off-by: Kazuki Mizushima <mizushima.kazuk@jp.fujitsu.com>
Thanks Kazuki Mizushima
Index: xs_internal.c (libvirt-0.2.0) ------------------------------------ --- xs_internal.c 2007-02-22 18:35:19.000000000 +0900 +++ xs_internal.c_guard2 2007-02-22 18:35:51.000000000 +0900 @@ -631,7 +631,7 @@ xenStoreDomainShutdown(virDomainPtr doma __FUNCTION__); return(-1); } - if (domain->id == -1) + if (domain->id == -1 || domain->id == 0) return(-1); /* * this is very hackish, the domU kernel probes for a special @@ -659,7 +659,7 @@ xenStoreDomainReboot(virDomainPtr domain __FUNCTION__); return(-1); } - if (domain->id == -1) + if (domain->id == -1 || domain->id == 0) return(-1); /* * this is very hackish, the domU kernel probes for a special
Sounds good (I would just fully parenthesize the boolean expressions) I can't apply it myself at the moment, but I guess Dan or Mark can do it :-) thanks ! Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
On Thu, Feb 22, 2007 at 07:08:01PM +0900, Kazuki???Mizushima wrote:
Hi, Dan
Thank you for your reply, I understand you. I remake the patch.
Signed-off-by: Kazuki Mizushima <mizushima.kazuk@jp.fujitsu.com>
I have committed this updated patch to CVS - thanks for the fix Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
participants (3)
-
Daniel P. Berrange -
Daniel Veillard -
Kazuki Mizushima