This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] protecting xen startup

can i run an xserver in a separate guest OS and still allow the guest
OS direct access to the screen?

how is that done - via a framebuffer drive?


There was a very brave chap who had a second PCI graphics card and a second PCI USB controller, which he had given a domain (!=dom0) privileges to access and was trying to persuade X to run. I'm not sure how far he's got now but it's not straightforward.

If I'm not mistaken, you can start up new VMs only from domain0 or
through HTTP interface, So you can easily firewall all traffic inside
domain0 to local port 8000 (except for

yeh, *grumble*, and you can also, in selinux, ban applications from
accessing a port.

Well by setting Xend to only receive connections from localhost and then applying SELinux, you can at least restrict access to the control interface to root...


SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>