xen-users
Re: [Xen-users] guest kernel clarifications
Thank you
On Mon, 20 Feb 2006 17:05:23 +0000
Mark Williamson <mark.williamson@xxxxxxxxxxxx> wrote:
> > In past Xen versions, setting a kernel to support privileged drivers or be a
> > privileged domain (0) was a kernel config. But driver domains are not
> > supported in Xen3 yet, as far as I understand.
>
> They'll be back soonish - probably in 3.0.2, I believe.
>
> > In Xen2, could a guest be booted with such a configured kernel but without
> > privileges because domain 0 did not tell the domain builder it was OK?
>
> Yes.
>
> > Someone recently told me in person that there was such a configuration.
> > i.e., it was not only the kernel configuration but some other domain
> > building flag and both were required to make it happen?
>
> Whether the guest knows how to access the privileged interfaces of Xen or
> drive real devices (these are set in the kernel config) is orthogonal to
> whether the guest is allowed to access those interfaces at runtime (these are
> part of the domain config).
>
> The domain building setting is the important one: an unprivileged domain just
> *can't* see or access the real devices, no matter what its kernel contains.
> A domain with device access is inherently more trusted.
>
> It's perfectly safe to use a dom0 kernel in a domU with no devices, and have
> Xen ensure the domU stays unprivileged.
>
> Cheers,
> Mark
>
> --
> Dave: Just a question. What use is a unicycle with no seat? And no pedals!
> Mark: To answer a question with a question: What use is a skateboard?
> Dave: Skateboards have wheels.
> Mark: My wheel has a wheel!
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>