From: Jeff D. <jd...@ka...> - 2002-02-21 14:59:23
|
Ho...@at... said: > Is there a way to signal a UML to shutdown from the like when the > power fails and the host's power-fail script runs. > Or a way to send a CTRL-ALT-DELETE to a UML from the host with a > script. Yeah, there are mconsole 'halt', 'reboot', and 'cad' commands, which do what you think. Jeff |
From: Jeff D. <jd...@ka...> - 2002-02-22 00:41:36
|
sf...@ih... said: > What's really needed is a way for the host to tell the UML that it > needs to switch to runlevels 0 or 6. 'cad' does runlevel 6 (reboot), which is consistent with physical machines, but which isn't what you normally want with UML. So, I think I'll add an optional 'halt' argument to 'cad' which will magically change the reboot into a halt. Jeff |
From: Howard G. <Ho...@at...> - 2002-02-22 12:30:14
|
Thanks Jeff, cad is exactly what I was looking for. Since this simulates a keyboard ctl-alt-del I can edit the ca: line in /etc/inittab and make it do what I really want (change the -r to -h, send a message, etc.). Is uml_mconsole supposed to be limiting access only to the UID that started the UML instance. I would think that anyone who has read-write access to the mconsole socket would be able to manage the UML instance. On my machine, if I start UML as a user and run uml_mconsole as root and ask for version it just sits there and returns nothing. If I su to the user I started the UML instance with and run uml_mconsole it works great. Thanks for your help, Howard At 02:43 PM 2/21/2002 -0500, Jeff Dike wrote: >sf...@ih... said: > > What's really needed is a way for the host to tell the UML that it > > needs to switch to runlevels 0 or 6. > >'cad' does runlevel 6 (reboot), which is consistent with physical machines, >but which isn't what you normally want with UML. > >So, I think I'll add an optional 'halt' argument to 'cad' which will magically >change the reboot into a halt. > > Jeff |
From: Jeff D. <jd...@ka...> - 2002-02-22 15:53:08
|
Ho...@at... said: > Is uml_mconsole supposed to be limiting access only to the UID that > started the UML instance. I would think that anyone who has > read-write access to the mconsole socket would be able to manage the > UML instance. On my machine, if I start UML as a user and run > uml_mconsole as root and ask for version it just sits there and > returns nothing. If I su to the user I started the UML instance with > and run uml_mconsole it works great. There's a permission check in the driver. The mconsole client passes its creds through the socket and if they don't match the uid of UML, then it fails. Offhand, I can't think of any reason we can't use socket file permissions for that. Lennert, is there any reason not to just ditch the cred stuff from the mconsole driver? Jeff |
From: Lennert B. <bu...@gn...> - 2002-02-22 17:51:34
|
The cred check in the driver was originally done so that ordinary users could ping other umls, but not give commands to them. It seems that you killed that fairly quickly though, so there doesn't seem to be a deep reason to keep the cred stuff anymore. --L On Tue, Feb 19, 2002 at 09:22:26PM -0500, Jeff Dike wrote: > > Is uml_mconsole supposed to be limiting access only to the UID that > > started the UML instance. I would think that anyone who has > > read-write access to the mconsole socket would be able to manage the > > UML instance. On my machine, if I start UML as a user and run > > uml_mconsole as root and ask for version it just sits there and > > returns nothing. If I su to the user I started the UML instance with > > and run uml_mconsole it works great. > > There's a permission check in the driver. The mconsole client passes its > creds through the socket and if they don't match the uid of UML, then it > fails. > > Offhand, I can't think of any reason we can't use socket file permissions > for that. > > Lennert, is there any reason not to just ditch the cred stuff from the > mconsole driver? > > Jeff > |
From: Jeff D. <jd...@ka...> - 2002-02-22 19:55:48
|
bu...@gn... said: > The cred check in the driver was originally done so that ordinary > users could ping other umls, but not give commands to them. Oh yeah. Thanks for reminding me. > It seems > that you killed that fairly quickly though, so there doesn't seem to > be a deep reason to keep the cred stuff anymore. It could be unkilled. If we allow that and we want to allow root to control other people's UMLs, mconsole will have to pass the user's creds if it's running as root (and root can fake creds, right?). Jeff |
From: Lennert B. <bu...@gn...> - 2002-02-23 15:07:26
|
On Fri, Feb 22, 2002 at 02:57:08PM -0500, Jeff Dike wrote: > > It seems > > that you killed that fairly quickly though, so there doesn't seem to > > be a deep reason to keep the cred stuff anymore. > > It could be unkilled. If we allow that and we want to allow root to > control other people's UMLs, mconsole will have to pass the user's creds if > it's running as root (and root can fake creds, right?). Frankly, I don't really see the use of being able to ping other people's uml's anymore (and if the sockets are stored in each user's own home dir it makes exceptionally little sense). Yes, root can fake creds, but root can also override socket permissions, no? cheers, Lennert |
From: Steve F. <sf...@ih...> - 2002-02-21 23:00:43
|
>> Is there a way to signal a UML to shutdown from the like when the >> power fails and the host's power-fail script runs. >> Or a way to send a CTRL-ALT-DELETE to a UML from the host with a >> script. > > Yeah, there are mconsole 'halt', 'reboot', and 'cad' commands, which do what > you think. Howard, aren't you asking about a proper shutdown? From the UML website, we see that the mconsole's halt and reboot commands do this: "These take no arguments. They shut the machine down immediately, with no syncing of disks and no clean shutdown of userspace. So, they are pretty close to crashing the machine." What's really needed is a way for the host to tell the UML that it needs to switch to runlevels 0 or 6. Steve |