From: George Dunlap <george.dunlap@eu.citrix.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Roger Pau Monne <roger.pau@citrix.com>,
Stefano Stabellini <stefano.stabellini@citrix.com>,
Jaeyong Yoo <jaeyong.yoo@samsung.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: Xen 4.4 development update: Feature freeze has started
Date: Fri, 15 Nov 2013 16:11:35 +0000 [thread overview]
Message-ID: <528647B7.6020102@eu.citrix.com> (raw)
In-Reply-To: <1384254550.1883.53.camel@kazak.uk.xensource.com>
On 12/11/13 11:09, Ian Campbell wrote:
>> * xend still in tree (x)
>> - xl list -l on a dom0-only system
>> - xl list -l doesn't contain tty console port
>> - xl Alternate transport support for migration
> Are some of these (this one in particular) also covered separately
> elsewhere in the list?
Yes, this one is also here:
* xl migrate transport improvements
owner: None
> See discussion here: http://bugs.xenproject.org/xen/bug/19
- Option to connect over a plain TCP socket rather than ssh
- xl-migrate-recieve suitable for running in inetd
- option for above to redirect log output somewhere useful
- Documentation for setting up alternate transports
However, after the discussion with Zhigang, I'm not sure this should
really be a blocker for xend removal anymore. The putative reason for
having ssl was because exchanging ssh keys was thought to be a security
risk, allowing anyone on one host to log into any of the other hosts.
However:
1) ssh keys can be limited so that they can only execute a specific
command; so this can be dealt with by configuration
2) There are no permissions checks on resources for incoming domains; so
given the ability to migrate to a host, you can get a shell on that host
pretty handily anyway.
-George
next prev parent reply other threads:[~2013-11-15 16:11 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-11 17:18 Xen 4.4 development update: Feature freeze has started George Dunlap
2013-11-11 17:32 ` Andrew Cooper
2013-11-15 14:36 ` George Dunlap
2013-11-15 14:44 ` Jan Beulich
2013-11-15 14:48 ` Andrew Cooper
2013-11-15 14:52 ` Andrew Cooper
2013-11-11 18:03 ` Konrad Rzeszutek Wilk
2013-11-12 8:55 ` Jan Beulich
2013-11-12 12:04 ` Stefano Stabellini
2013-11-12 14:17 ` Konrad Rzeszutek Wilk
2013-11-12 9:24 ` Ian Campbell
2013-11-11 20:49 ` Boris Ostrovsky
2013-11-11 21:02 ` Ben Guthro
2013-11-12 10:54 ` David Vrabel
2013-11-12 11:09 ` Ian Campbell
2013-11-12 11:11 ` Roger Pau Monné
2013-11-15 15:37 ` George Dunlap
2013-11-15 15:51 ` Roger Pau Monné
2013-11-12 11:20 ` Wei Liu
2013-11-12 11:53 ` Fabio Fantoni
2013-11-12 12:49 ` Stefano Stabellini
2013-11-12 14:20 ` Konrad Rzeszutek Wilk
2013-11-12 14:22 ` Ian Campbell
2013-11-12 14:26 ` Wei Liu
2013-11-12 15:07 ` Konrad Rzeszutek Wilk
2013-11-12 15:16 ` Wei Liu
2013-11-15 16:11 ` George Dunlap [this message]
2013-11-15 16:28 ` George Dunlap
2013-11-19 10:47 ` Ian Campbell
2013-11-14 9:28 ` Dario Faggioli
2013-11-14 14:16 ` Nate Studer
2013-11-14 22:20 ` Dario Faggioli
2013-11-15 9:03 ` Jan Beulich
2013-11-15 9:41 ` Dario Faggioli
2013-11-15 9:00 ` Jan Beulich
2013-11-14 9:38 ` Dario Faggioli
2013-11-14 13:42 ` Elena Ufimtseva
2013-11-15 16:34 ` George Dunlap
2013-11-15 18:07 ` Dario Faggioli
2013-11-15 20:39 ` Shriram Rajagopalan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=528647B7.6020102@eu.citrix.com \
--to=george.dunlap@eu.citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=jaeyong.yoo@samsung.com \
--cc=roger.pau@citrix.com \
--cc=stefano.stabellini@citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).