Skip to content

EXT: don't reserve any block for root #743

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
ydirson wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

EXT: don't reserve any block for root #743

ydirson wants to merge 1 commit into from

Conversation

@ydirson
Copy link
Contributor

@ydirson ydirson commented Mar 19, 2025

There is only root in dom0, and df erroneously substracts the default 5% of disk space as "reserved for root", which is just meaningless here.

It could be worth going further with doing the same for all FileSR types, but I thought I'd ask for feedback first.

If this becomes a thing, it could be useful then to find some way to get tune2fs -m 0 run on existing SR to make them even.

@ydirson
WIP EXT: don't reserve any block for root
ec87414 
There is only root in dom0, and `df` erroneously substracts the default
5% of disk space as "reserved for root", which is just meaningless here.

Would be worth:
- doing the same for all FileSR types
- some way to get `tune2fs -m 0` run on existing SR to make them even
@MarkSymsCtx
Copy link
Contributor

MarkSymsCtx commented Mar 19, 2025

As you say, all access is performed as root anyway so I'm not sure what actual difference this will make?

MarkSymsCtx
MarkSymsCtx reviewed Dec 4, 2025
View reviewed changes
Copy link
Contributor

@MarkSymsCtx MarkSymsCtx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable

@rosslagerwall
Copy link
Contributor

rosslagerwall commented Dec 4, 2025

There is only root in dom0

This assertion is not correct for XenServer. In XenServer's dom0 various processes run as different users (e.g. chrony, pvsproxy, QEMU, swtpm, ...). A vulnerability without a privilege escalation in one of those components could then more easily lead to a DoS if the reserve is removed, i.e. it would be a loss of defence-in-depth. Whether this is important enough to keep the reserve is debatable but the discussion at least needs to be had.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MarkSymsCtx MarkSymsCtx MarkSymsCtx left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ydirson @MarkSymsCtx @rosslagerwall