WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Fwd: [Xen-devel] Enabling domU to create other domUs

from [Hayawardh V] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Fwd: [Xen-devel] Enabling domU to create other domUs
From: "Hayawardh V" <hayawardh@xxxxxxxxx>
Date: Thu, 4 Sep 2008 11:16:58 -0400
Delivery-date: Thu, 04 Sep 2008 08:17:25 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=HguyZzvEwNNJ+Tmwi4S9ZWopJCOpAjREkLaTp6wVxos=; b=Wwmwt6vuUuecJqkNdZqFIUBfotj2qgON4lDYvxqvUTFwGIw5byvBS9H7fQFCimabMm UI5eW8NvA5A5dR1n4cmYi5V+J+aqDjkufPR6GXQYjlrphKhRJYnZz6YK248vCMHUOaca 3ONxLsol2LPZbE1cef726YeeTyje8GGcLo0oM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=MhwtyIhqvbfR5MyBmHhOPv+hiCEoEl6NEa+aA6fFOajYMN33Mn6d4fDJ4HarP5ODoQ 8ewiKSmu9seUZD+UP/gl+twMG0RoKEKQNoaB/rY0jD/2YM81UB7CupQDwxoTPnqJUY6o u2e0+b64sASqMU+9BuHZbWSVyt8es1BSVc/Fw=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <68f1f87c0809040816g3b838f1ap9534607f559ca208@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <68f1f87c0807071014y69c3d573y2ef0d6c487371710@xxxxxxxxxxxxxx> <617dbaa80807080925l85f43bfje39e15bb22954b70@xxxxxxxxxxxxxx> <D936D925018D154694D8A362EEB0892004E07EFB@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <68f1f87c0807081945m72a886abn4fd5020cb4a57f2a@xxxxxxxxxxxxxx> <18548.45358.334113.690163@xxxxxxxxxxxxxxxxxxxxxxxx> <68f1f87c0807100546j3c58ddbu11981de25f7c7d49@xxxxxxxxxxxxxx> <68f1f87c0809040816g3b838f1ap9534607f559ca208@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
I see that Xen roadmap has the following: 

More interestingly, it would be useful to be able to delegate
privilege such as to be able to grant a domain permission to perform a

certain privileged operation on some specified other domain or group

of domains. This leads naturally to a hierarchical model of
domain resource allocation and permission, for example allowing a
domain with only a very restricted privilege capability to create a
new domain by carving it out of its own resource allocation. It would


then have full control over this domain, allowing it to destroy it,
pause it, map its pages, attach a debugger etc. 

>From Xen's low-level `datapath' point of view we want to flatten this
hierarchy to keep the privilege check operations as simple as


possible, with only the control operations having to worry about the
extra complexity. Citing the example in the previous paragraph of
having one domain build another, this should be quite achievable as
some care is already taken to have the domain builder use standard


unprivileged interfaces.
http://lists.xensource.com/archives/html/xen-devel/2006-07/msg00374.html

I am wondering if there is any real use for a hierarchy in the real world? Has there been any discussion on this before?

Thanks,
Hayawardh

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Fwd: [Xen-devel] Enabling domU to create other domUs, Hayawardh V <=
Previous by Date:  [Xen-devel] Question: How to map granted pages into domU properly?, abc
Next by Date:  Re: [Xen-devel] Question: How to map granted pages into domU properly?, Asim
Previous by Thread:  [Xen-devel] Question: How to map granted pages into domU properly?, abc
Next by Thread:  [Xen-devel] RE: How to simply automatically resume suspended Xend managed domains on Xend start in Xen 3.2.1, Artur Linhart - Linux communication
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy