On 06.02.24 14:08, Andrew Cooper wrote:
> On 06/02/2024 12:43 pm, Juergen Gross wrote:
>> A Xenstore stubdom should never be stoppable.
>>
>> Reject attempts to do so.
>>
>> Signed-off-by: Juergen Gross <[email protected]>
>
> I don't think this is a clever idea.  `xl destroy` is also the "please
> clean up my system when it's in a very dead state" command, and that
> also includes a dead xenstored stubdom.

I don't think xl destroy for a dead Xenstore stubdom will ever work.
xl destroy tries to read (and delete) Xenstore entries, after all.

I think you'd need a program using libxenctrl without all the xl/libxl
actions for achieving this goal. And this would work with my current
patch, too.

> If you're looking for some protection, then maybe a `--force` flag to
> override, but there must be some way of getting this to run.

A system without Xenstore is probably quite useless anyway. At least today
there is no way a new Xenstore would be able to connect to existing domains.

OTOH I'm inclined to add more hooks, e.g. for "xl pause" and "xl migrate".

And I do think that libxl is the right level for that, as I don't want users
to be able to kill/pause/migrate Xenstore stubdom via libvirt either.


Juergen
