WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Re: Access Hypervisor Control from DomU

To: Sean Dague <japh@xxxxxxxxxx>
Subject: Re: [Xen-users] Re: Access Hypervisor Control from DomU
From: Nils Toedtmann <xen-users@xxxxxxxxxxxxxxxxxx>
Date: Thu, 30 Mar 2006 16:07:36 +0200
Cc: Stephan Seitz <s.seitz@xxxxxxxxxxxx>, XEN User - listmembers <xen-users@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 30 Mar 2006 14:09:24 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20060330130838.GE19886@xxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <442B7013.9070804@xxxxxxxxxxxx> <20060330130838.GE19886@xxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Am Donnerstag, den 30.03.2006, 08:08 -0500 schrieb Sean Dague:
> On Thu, Mar 30, 2006 at 07:43:47AM +0200, Stephan Seitz wrote:
[...] 
> > My question, is it possible to investigate this behaviour (and
> > ideally, xm destroy / create) from one of the live domU's ? I know,
> > this would be a security issue, but is there _any_ access back to the
> > dom0 like the xm console from dom0 to domU's ?
> 
> For exactly the reasons you stated (security), the answer is no.

I remember reading that the only real difference between a dom0 and a
domU kernel is the priviledge to have access to the hypervisor. Why not
declaring a special domU to a "fallback" dom0? Not in the sense of
having access to hw but control over the hypervisor.

That would help if the original dom0 userland dies, but it's kernel
keeps forwarding/bridging packets and blockdevice-I/O, like Stephan's
dom0 did.

/nils.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users