From: Doug Goldstein <cardoe@cardoe.com>
To: George Dunlap <george.dunlap@citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Wei Liu <wei.liu2@citrix.com>,
Xen-devel <xen-devel@lists.xenproject.org>
Cc: George Dunlap <george.dunlap@eu.citrix.com>,
Ian Jackson <Ian.Jackson@eu.citrix.com>
Subject: Re: XSA-180 follow-up: repurpose xenconsoled for logging
Date: Mon, 6 Jun 2016 15:47:37 -0500 [thread overview]
Message-ID: <3a114c2e-198d-4ac3-5e9a-e1d1b63a056b@cardoe.com> (raw)
In-Reply-To: <57554C87.3040001@citrix.com>
[-- Attachment #1.1.1: Type: text/plain, Size: 1693 bytes --]
On 6/6/16 5:12 AM, George Dunlap wrote:
> On 03/06/16 18:38, Andrew Cooper wrote:
>> On 01/06/16 15:00, Wei Liu wrote:
>>> Hi all
>>>
<snip>
> FWIW, the libvirt project has exactly the same problem, and they did the
> analog of what Wei is proposing -- they added a new daemon, virtlogd, to
> handle all the console and debug log rotation in a fashion resistant to
> DoSing. Without reading their discussion, it's reasonable to assume
> that using system logging was at least considered using system-level
> logging before deciding to write their own code.
If I recall they use RPCs and the logs are generated as a best effort to
not block QEMU.
>
> We already have a daemon to do logging of consoles; it just doesn't have
> any of the logrotate features that are needed to make it robust against
> DoS. There's no sense in having log rotation code in two places, so
> upgrading xenconsoled to do what virtlogd is doing makes more sense than
> say, either writing our own, or stealing virtlogd.
What if we made xl / libxl really good at the limited scope of things it
should be good at and left the other bits to others. At this point it
seems like yet another feature that xl / libxl is gaining that matches
what libvirt does. Maybe an approach is something you appear to suggest
and just point people to virtlogd and ask the libvirt guys if they would
make it a separate package. Honestly it seems like xl could slim down
from a feature set perspective and focus on improving libxl / libvirt
interaction. That's something that the Xen community has been interested
in to better support OpenStack anyway.
Just my 2 cents.
--
Doug Goldstein
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 959 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-06-06 20:47 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-01 14:00 XSA-180 follow-up: repurpose xenconsoled for logging Wei Liu
2016-06-03 10:57 ` George Dunlap
2016-06-03 13:30 ` Wei Liu
2016-06-03 14:10 ` George Dunlap
2016-06-03 14:21 ` Wei Liu
2016-06-03 16:57 ` Ian Jackson
2016-06-06 15:56 ` Wei Liu
2016-06-03 17:38 ` Andrew Cooper
2016-06-06 10:12 ` George Dunlap
2016-06-06 13:03 ` Andrew Cooper
2016-06-06 15:48 ` Wei Liu
2016-06-07 9:57 ` George Dunlap
2016-06-07 10:18 ` Wei Liu
2016-06-06 20:47 ` Doug Goldstein [this message]
2016-06-07 11:43 ` Wei Liu
2016-06-21 14:46 ` Wei Liu
2016-06-21 15:10 ` Juergen Gross
2016-06-21 15:23 ` Ian Jackson
2016-06-21 15:11 ` Ian Jackson
2016-06-21 15:53 ` George Dunlap
2016-06-21 16:04 ` Ian Jackson
2016-06-21 16:17 ` George Dunlap
2016-06-22 0:58 ` Jim Fehlig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3a114c2e-198d-4ac3-5e9a-e1d1b63a056b@cardoe.com \
--to=cardoe@cardoe.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).