WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Anti-virus for use in para-virtualized Xen

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Anti-virus for use in para-virtualized Xen
From: "Mark Greenbank" <mark.greenbank@xxxxxxxxx>
Date: Wed, 4 Apr 2007 12:41:40 -0400
Delivery-date: Wed, 04 Apr 2007 09:40:40 -0700
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=SuUA4Lh0sfo3dDCI2eH118gdAni5715YkKkA2F2qSwcvhmY60a1d1pzc2bJQrrda4J5imOtFLeQtR4f+V8AEYabrf8GOMN0YD4XPuDsUTuGXfPsXUaRehfJUM1FMc/lZCkTmAsiW0pvtZcpAlhYKvlcHXPPkWJOeBUnG5/Ozxps=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=UcEi3B7zp3N1ZuKG/5hIwbMZV3X33I6e604WrIl/dGsHYJ1Vdif2KT08aanTZxCcgYrtFZvIo3IiqZ91d81wAk9KnLHBNzMqsJOgXUEzA/DsN0MgO/vDr8wgD9O3zoqT1nzSlsgqbh/TYEDFeXfCaohkR0KEpR3T3V/TWGn9jvg=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <907625E08839C4409CE5768403633E0B018E1B8A@xxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4613C74D.4080402@xxxxxxxxx> <907625E08839C4409CE5768403633E0B018E1B8A@xxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx

On 4/4/07, Petersson, Mats <Mats.Petersson@xxxxxxx> wrote:


> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto: xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> Nico Kadel-Garcia
> Sent: 04 April 2007 16:42
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: [Xen-users] Anti-virus for use in para-virtualized Xen
>
>
> I've been looking at anti-virus software for Xen use on Linux
> systems,
> on both Dom0 and DomU, in industrial environments. Reviewing
> documentation on various packages seems to show that all the
> commercial
> ones insist on sticking kernel modules into a limited set of standard
> known kernels. This of course creates some serious risks until the
> anti-virus packages are developed in and tested in Xen environments,
> especially for para-virtualized environments.

I presume the reason they have a standard set of kernels is that they
"meddle" with the kernel and don't supply source-code, which means that
a Xenified kernel doesn't match the expected kernel layout, and thus
can't use the module? [And it's understandable from some aspects that
the AV guys don't really want the V-guys to see the source-code...]

This is a serious limitation with the way the kernel is architected -- a defined kernel interface (e.g., DDI/DKI for both function calls and structures) and loadable modules/drivers are not encouraged, which means that there is a proliferation of customized kernels out there. This really limits the utility of the Linux kernel in a production envronment. I myself am stuck at Core 5 for my (production) laptop since I'm worried that upgrading to the latest+greatest disto will break my VMWare installation and various other components that depend on interfacing with the kernel. I'd love to move to Core 6 but I don't have enough pain to live with having to hack the VMWare modules. With Core 7 around the corner, I suspect that my motivation to hack will increase :)

Mark

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users