WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

RE: Building domains as a lesser user (was Re: [Xen-devel] boot loaders

To: "Anthony Liguori" <anthony@xxxxxxxxxxxxx>, "Jacob Gorm Hansen" <jacobg@xxxxxxx>
Subject: RE: Building domains as a lesser user (was Re: [Xen-devel] boot loaders for domain != 0)
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Fri, 4 Feb 2005 09:44:28 -0000
Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 04 Feb 2005 09:45:44 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
Thread-index: AcUKaqFZUyY+eUcWQbO6Jv/jGqMfDgAMxjug
Thread-topic: Building domains as a lesser user (was Re: [Xen-devel] boot loaders for domain != 0)
 
> The current architecture of Xen requires that we trust whatever is 
> running in Domain-0.  The problems being cited wouldn't be a 
> problem if 
> you could create domains from unpriviledged Domains because you could 
> have creator Domains who could be created from a trusted 
> source and used 
> as a buffer against attack.

It's always been part of the plan to be able to delegate dom0 functions
to enable one domain to be given control over another e.g. to create it,
map its pages, stop/start, debug etc.

It just hasn't been a priority to implement this, but it's the direction
we're heading with some of the security work.

Of course, we'll have to rename dom0_op to something else :-)

Ian


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel