xen-devel

[Top] [All Lists]

Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)

from [Mark Williamson]

[Permanent Link][Original]

To:	Rune Johan Andresen <runejoha@xxxxxxxxxxx>
Subject:	Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)
From:	Mark Williamson <Mark.Williamson@xxxxxxxxxxxx>
Date:	Mon, 19 Jul 2004 17:49:05 +0100
Cc:	Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx, Rune Johan Andresen <Rune.Johan.Andresen@xxxxxxxxxxx>, Mark.Williamson@xxxxxxxxxxxx
Delivery-date:	Mon, 19 Jul 2004 17:53:23 +0100
Envelope-to:	steven.hand@xxxxxxxxxxxx
In-reply-to:	Message from Rune Johan Andresen <runejoha@xxxxxxxxxxx> of "Mon, 19 Jul 2004 15:59:15 +0200." <D214453A-D98B-11D8-A13B-000A95B44940@xxxxxxxxxxx>
List-archive:	<http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help:	<mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id:	List for Xen developers <xen-devel.lists.sourceforge.net>
List-post:	<mailto:xen-devel@lists.sourceforge.net>
List-subscribe:	<https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe:	<https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender:	xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx

> Thank you! Which approach do you consider the most secure in order to protect
> a user?s file system from another. In other words, which solution is most
> resistant against hacking? How is Xen designed to maintain the security
> between different users? 

The "backend" block driver in dom0 does checks to see if a domain is allowed 
to access a given part of a block device.  These checks are the same no matter 
whether you use a loopback device, ordinary partition, LVM or some other block 
device: they're all equally secure.  There are no known ways for a domain to 
circumvent this.  Use whichever kind of storage suits your needs best.

It should never be possible for a domain to circumvent these checks unless the 
domain is privileged (i.e. for driver domains or admin purposes, this is NOT 
the usual case).

The only disk sharing between domains is explicit: i.e. if you give them both 
rights to access the same areas of disk in their config files.  This is not 
usually a good idea, unless it's read only for both of them.

HTH,
Mark 



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] Getting X to work on XEN unstable / xenolinux 2.4.26, Richard Ta-Min Re: [Xen-devel] Getting X to work on XEN unstable / xenolinux 2.4.26, Ian Pratt Re: [Xen-devel] Getting X to work on XEN unstable / xenolinux 2.4.26, Keir Fraser [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable), Rune Johan Andresen Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable), Ian Pratt Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable), Ian Pratt Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable), Rune Johan Andresen Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable), Mark Williamson <=

Previous by Date:	Re: [Xen-devel] Newbie question: Error creating domain, Ian Pratt
Next by Date:	Re: [Xen-devel] Newbie question: Error creating domain, Fredrik Dahlberg
Previous by Thread:	Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable), Rune Johan Andresen
Next by Thread:	[Xen-devel] /proc/xen/memory_target patch, David Becker
Indexes:	[Date] [Thread] [Top] [All Lists]