This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] Really really small xen0

To: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Really really small xen0
From: Nathan Lutchansky <lutchann@xxxxxxxxxx>
Date: Mon, 8 Nov 2004 11:39:05 -0500
Delivery-date: Tue, 09 Nov 2004 07:52:50 +0000
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: <001101c4c5a2$67272910$6400a8c0@gandalf>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <001101c4c5a2$67272910$6400a8c0@gandalf>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.6i
On Mon, Nov 08, 2004 at 09:51:12AM -0500, Barry Silverman wrote:
> I was wondering if anyone has made a really minimal xen0 image. By this
> I mean an image that doesn't have much more than the kernel (f/e and b/e
> drivers linked in), and run from a crom or squashfs filesystem, and a
> minimal set of tools running in a busybox-like init process. 

I've had good luck with similar projects using the uClibc buildroot kit,
which is intended for making tiny root filesystems for embedded systems
but also works with x86 PC systems.  There's not much documentation for it
but see the CVSweb at <http://www.uclibc.org/cgi-bin/cvsweb/buildroot/> to
see what it comes with.  It can make an initrd that will boot with exactly
the software you want to run and a tmpfs for /tmp, /var and so on, but no
changes to the filesystem can be saved.  It comes with build scripts for
Python and bridge-utils, but you'd have to add Twisted and the XEN tools.

I secure my dom0 by only making it accessible over the console/serial port
and not even giving it an IP address (except on the loopback IF).  It acts
as a layer-2 bridge only.  This is still vulnerable to security bugs in
the hypervisor and VBD/VIF data paths, of course, but it's much better
than the typical config.  -Nathan

Attachment: pgpK48psDx0Nw.pgp
Description: PGP signature
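
Added example, not part of the original message: a POSIX shell check for the "no IP address except on loopback" dom0 setup described above. It parses `ip -o addr show` output (iproute2 is assumed; the function names and sample lines are constructed) and reports every address bound outside loopback, including the IPv6 link-local addresses the kernel autoconfigures on bridge and NIC interfaces when IPv6 is enabled.

```shell
#!/bin/sh
# Added example (not from the original mail). Policy under test: dom0 has no
# IP address on any interface except loopback.

# Reads `ip -o addr show` output on stdin, prints "iface family address" for
# each address that violates the policy, and returns 1 if any were found.
audit_l3_addrs() {
    awk '
        $3 != "inet" && $3 != "inet6" { next }   # not an address record
        {
            ifname = $2; addr = $4
            # Loopback addresses on lo are the only ones the policy allows.
            if (ifname == "lo" && (addr ~ /^127\./ || addr == "::1/128")) next
            print ifname, $3, addr
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: a bridge-only dom0 with nothing but loopback addresses.
sample_clean() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
EOF
}

# Constructed sample: same host, but eth0 was given an IPv4 address and the
# bridge picked up an autoconfigured IPv6 link-local address.
sample_exposed() {
    sample_clean
    cat <<'EOF'
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
4: xenbr0    inet6 fe80::200:ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Demo on the constructed data; on a live dom0 use:
#   ip -o addr show | audit_l3_addrs
sample_exposed | audit_l3_addrs || echo "policy violated: addresses found outside loopback"
```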
