WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] guest kernel clarifications

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] guest kernel clarifications
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Mon, 20 Feb 2006 17:05:23 +0000
Cc: Tim Freeman <tfreeman@xxxxxxxxxxx>
Delivery-date: Mon, 20 Feb 2006 17:22:22 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20060220105651.2a41f719.tfreeman@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20060220105651.2a41f719.tfreeman@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.9.1
> In past Xen versions, setting a kernel to support privliged drivers or be a
> priviliged domain (0) was a kernel config.  But driver domains are not
> supported in Xen3 yet, as far as I understand.

They'll be back soonish - probably in 3.0.2, I believe.

> In Xen2, could a guest be booted with such a configured kernel but without
> priviliges because domain 0 did not tell the domain builder it was OK? 

Yes.

> Someone recently told me in person that there was such a configuration. 
> i.e., it was not only the kernel configuration but some other domain
> building flag and both were required to make it happen?

Whether the guest knows how to access the privileged interfaces of Xen or 
drive real devices (these are set in the kernel config) is orthogonal to 
whether the guest is allowed to access those interfaces at runtime (these are 
part of the domain config).

The domain building setting is the important one: an unprivileged domain just 
*can't* see or access the real devices, no matter what its kernel contains.  
A domain with device access is inherently more trusted.

It's perfectly safe to use a dom0 kernel in a domU with no devices, and have 
Xen ensure the domU stays unprivileged.

Cheers,
Mark

-- 
Dave: Just a question. What use is a unicyle with no seat?  And no pedals!
Mark: To answer a question with a question: What use is a skateboard?
Dave: Skateboards have wheels.
Mark: My wheel has a wheel!

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>