This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)

To: Rune Johan Andresen <runejoha@xxxxxxxxxxx>
Subject: Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)
From: Mark Williamson <Mark.Williamson@xxxxxxxxxxxx>
Date: Mon, 19 Jul 2004 17:49:05 +0100
Cc: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx, Rune Johan Andresen <Rune.Johan.Andresen@xxxxxxxxxxx>, Mark.Williamson@xxxxxxxxxxxx
In-reply-to: Message from Rune Johan Andresen <runejoha@xxxxxxxxxxx> of "Mon, 19 Jul 2004 15:59:15 +0200." <D214453A-D98B-11D8-A13B-000A95B44940@xxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
> Thank you! Which approach do you consider the most secure in order to protect
> a user's file system from another. In other words, which solution is most
> resistant against hacking? How is Xen designed to maintain the security
> between different users? 

The "backend" block driver in dom0 does checks to see if a domain is allowed 
to access a given part of a block device.  These checks are the same no matter 
whether you use a loopback device, ordinary partition, LVM or some other block 
device: they're all equally secure.  There are no known ways for a domain to 
circumvent this.  Use whichever kind of storage suits your needs best.

It should never be possible for a domain to circumvent these checks unless the 
domain is privileged (i.e. for driver domains or admin purposes, this is NOT 
the usual case).

The only disk sharing between domains is explicit: i.e. if you give them both 
rights to access the same areas of disk in their config files.  This is not 
usually a good idea, unless it's read only for both of them.
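
Added example (not part of the original email, and not Xen project code): a small audit of the point about explicit disk sharing, which flags any backing device granted to more than one domain unless every grant is read-only. It assumes domain config files use the `disk = ['phy:DEV,VDEV,MODE']` form; the domain names and devices are constructed samples, and only identical backing-device strings are compared, so overlapping regions named differently (a whole disk versus one of its partitions) are not detected.

```python
import re
from collections import defaultdict

# Constructed sample configs (domain name -> config text); not from the email.
SAMPLE_CONFIGS = {
    "web1": "name = 'web1'\ndisk = ['phy:vg0/web1,sda1,w', 'phy:sdb1,sda2,r']\n",
    "web2": "name = 'web2'\ndisk = ['phy:vg0/web2,sda1,w', 'phy:sdb1,sda2,r']\n",
    "db1":  "name = 'db1'\ndisk = ['phy:vg0/web1,sdb1,w']\n",
}

# Assumed config syntax: disk = ['backing,virtual_device,mode', ...]
DISK_LINE = re.compile(r"^\s*disk\s*=\s*\[(.*?)\]", re.M | re.S)
DISK_ITEM = re.compile(r"""['"]([^'"]+)['"]""")

def parse_disks(config_text):
    """Return [(backing_device, mode)] from a config's disk = [...] list."""
    disks = []
    for m in DISK_LINE.finditer(config_text):
        for item in DISK_ITEM.findall(m.group(1)):
            parts = [p.strip() for p in item.split(",")]
            if len(parts) != 3:
                raise ValueError(f"unexpected disk spec: {item!r}")
            backing, _vdev, mode = parts
            disks.append((backing, mode))
    return disks

def find_shared_disks(configs):
    """Map each backing device used by more than one domain to (grants, safe).

    'safe' is True only when every grant of that device is read-only ('r').
    """
    grants = defaultdict(list)
    for domain, text in configs.items():
        for backing, mode in parse_disks(text):
            grants[backing].append((domain, mode))
    report = {}
    for backing, uses in grants.items():
        if len({domain for domain, _ in uses}) > 1:
            safe = all(mode == "r" for _, mode in uses)
            report[backing] = (sorted(uses), safe)
    return report

if __name__ == "__main__":
    for backing, (uses, safe) in sorted(find_shared_disks(SAMPLE_CONFIGS).items()):
        print("ok (read-only)" if safe else "RISK (writable)", backing, uses)
```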
