On Wed, Sep 5, 2012 at 6:32 PM, Ritesh Raj Sarraf <r...@debian.org> wrote: > Package: xcp-xapi > Version: 1.3.2-11 > Severity: normal > > We need to have a separate user/group privilege for xapi and its dependent > processes. At the moment, everything runs as root
Unfortunately, with the way xapi is currently architected, we can't run it as a non-privileged user. Xapi itself makes calls to xenstore and to the hypervisor in too many places to split those bits out. In upstream xapi, we're working on splitting xapi into a few different daemons. When we finish this, we can package it for Debian such that only the daemon that makes xenstore calls and hypercalls is run as root. Because I think that it is impossible to patch 1.3.2 such that it can be run by a non-root user, I think that we should mark this bug as invalid. Do you agree? Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
