Bug 214063
Summary: | xend doesn't start if xen-http-server is enabled | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Sven Oehme <oehmes> |
Component: | xen | Assignee: | Xen Maintainance List <xen-maint> |
Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | 6 | CC: | bstein, katzj |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2006-11-23 14:17:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Sven Oehme
2006-11-05 11:16:47 UTC
The 'xen-http-server' option opens a TCP port on all network interfaces and performs no authentication on incoming connections. This allows anyone on the network to create/stop/manage guest domains on the host in question. This is obviously a huge security hole - on a par with running a telnet server with no password - thus disabled by default in the XenD config, and denied by the SELinux policy even if the XenD config is turned on.

I can set iptables rules to block unwanted connections, but SELinux is disabled in my environment and xend doesn't start either as soon as I change this parameter in xenconfig, so this is still a bug.

Ok, can you upload the XenD server/startup logs

/var/log/xen/xend.log
/var/log/xen/xend-debug.log

And also check to see if any other process is listening on the XenD port (8000), with something like:

netstat -t -a -n -p | grep LISTEN | grep 8000

Ok, got the problem: I have the nasd - Network Audio System server installed, which is listening on port 8000. After changing the port to 8080 it works now. The default port for xen should be moved to another free available one if this service will be enabled in the future. I close the bug.
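
The netstat check suggested in the thread, extended as an added example (not part of the original bug report) so that it also shows whether a listener is bound to all interfaces, which is the exposure the first comment describes for an unauthenticated port. The sample netstat output, its PIDs and addresses, and the function names `sample_netstat` and `check_port` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -t -a -n -p` output (PIDs/addresses are made up).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      2211/nasd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1903/cupsd
tcp        0      0 192.168.1.10:22         192.168.1.50:51234      ESTABLISHED 2500/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1950/sshd
EOF
}

# check_port PORT
# Reads netstat output on stdin and prints one line per LISTEN socket on PORT:
#   <scope> <local address> <pid/program>
# scope is ALL-INTERFACES (wildcard bind), LOOPBACK, or SPECIFIC.
# Exit status follows grep: 0 if a listener was found, 1 if the port is free.
check_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next          # exact port match, not a substring
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::")       scope = "ALL-INTERFACES"
            else if (host ~ /^127\./ || host == "::1")   scope = "LOOPBACK"
            else                                         scope = "SPECIFIC"
            print scope, addr, $7
            found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# Port 8000 is already taken by another daemon, so xend cannot bind it.
sample_netstat | check_port 8000
# Port 8080 has no listener in the sample, so it is free to use.
sample_netstat | check_port 8080 || echo "8080: no listener"
```

On a live host, replace `sample_netstat` with `netstat -t -a -n -p` run as root so the PID/Program column is populated.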