| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
[Xen-devel] Truly Autonomous Migration
hi,
I just had my first success at self-migrating a domain across two hosts,
with absolutely no involvement from Xen or Domain0. On the sending side
I have a self-migrating XenLinux 2.4, migrated by a small userspace
process inside it, which reads a checkpoint from /dev/checkpoint and
writes it to a TCP socket.
On the receiving side I have a small (the kernel binary is 25952 bytes)
TCP stack and server in an unprivileged domain. It receives the
checkpoint, fixes up the pagetables, and jumps to the incoming data,
which resumes there and has now been live-migrated to the new host.
Apart from the coolness-factor of being able to checkpoint and migrate
oneself without outside involvement (as well as some performance
benefits of not having to run with shadow page tables, though it has
been a while since I made any direct comparisons against Ian's stuff),
this to me seems to be good news for security. If a machine can run
without any privileged code facing the network, the attack surface and
thus risk of compromise is greatly reduced.
I will make binaries available tomorrow, if anyone is interested in
playing with this? (Guess not, but at least I am having fun with this ;-))
Best,
Jacob
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xen-devel] Truly Autonomous Migration,
Jacob Gorm Hansen <=
|
|
|
| |
|
Home