| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
Re: [Xen-devel] Enabling domU to create other domUs
On Tue, Jul 8, 2008 at 12:25 PM, Derek Murray < Derek.Murray@xxxxxxxxxxxx> wrote:
Hi Hayawardh,
If you did make your DomU privileged, this would make it privileged
over all domains, which requires you to trust each DomU with this
privilege. This is probably not acceptable from a security
point-of-view. If you had the inclination, you could probably conjure
up a Xen Security Module that enforced hierarchical privilege, but you
would probably still have to modify the tools.
This is exactly what I have in mind. Can you just give me a few
additional pointers of what needs to be done with the tools, and the
hypervisor?
Thanks a lot!
If you simply want to be able to create domains from a DomU, have you
considered installing xm in that domain and configuring it to use the
instance of xend that runs in Dom0?
Regards,
Derek Murray.
On Mon, Jul 7, 2008 at 6:14 PM, Hayawardh V < hayawardh@xxxxxxxxx> wrote:
> Hi,
>
> What changes would have to be made if I wanted to have a domU create VMs?
> I tried installing the xen tools into a domU rootfs image, and then booted
> the domU. However, xend refuses to start inside the domU.
>
> I realise the changes might be extensive, but I just want an idea of what
> needs to be done.
>
> Also, I find that hardcoded checks like
> if (current-> domain->domain_id != 0)
> return -EPERM
> are extremely few in the current hypervisor.
>
> Regards,
> Hayawardh
>
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
| |
|
Home