(adding xen-devel)

On Thu, 2011-04-28 at 14:27 +0200, Bastian Blank wrote:
> On Thu, Apr 28, 2011 at 12:28:48PM +0100, Ian Campbell wrote:
> > Perhaps if you would describe what doesn't work for you we could work to
> > fix it, but the above isn't really very helpful, is it?
> 
> The first ones:
> - Silent fail if qemu-dm[1] is missing or failing. It lacks error
>   checking.

Yes, this could certainly be improved.

> - Probably missing close-on-exit flags for several file handlers.

You mean close-on-exec?

the libxl interfaces for exec'ing takes care of closing file handles and
since xl is a one-shot toolstack it generally doesn't have piles of fd's
open. The issue is still worth considering and checking for correctness
though I think, especially within libxc (which has other users than xl).

Do you know of specific instances where the CLOEXEC flag is needed but
missing?

I don't think any of the above qualifies xl as so broken we shouldn't
even suggest people try it, as you started out by saying...

Ian.

> [1]: qemu 0.10 is not supportable in any way security wise.
-- 
Ian Campbell

I am currently transitioning to a new OpenPGP key, please see:
http://www.hellion.org.uk/key-transition-2011-04-27-2F6BCD59-to-79074FA8.txt

/* now make a new head in the exact same spot */
		-- Larry Wall in cons.c from the perl source code