xen-devel
Re: [Xen-devel] can I boot privilleged dom like dom0 via xm create
hi
I am interested in this issue, and I wonder whether we could manage
dom0 in the Xen architecture, that is, to boot dom0, to reboot it, to store
it, or restore it, while suspending domU in memory, through some domctl
whenever necessary, or could we develop some new hypercall to make it
work, or does the Xen architecture have some inherent limit in itself and
have no compatibility with this potential augmentation? And why not, or
how to achieve it? Could someone give some advice on it?
Thanks in advance
Mark Williamson wrote:
 
Ruby,
Further to what Derek has said, I'd like to point out that what kernel you use 
never affects the privilege of the guest. 
All the -xen0 kernel name means is that the kernel /can/ do dom0 stuff.  This 
is as opposed to a -xenU kernel, which has had the dom0 support removed from 
it.  Removing the dom0 support in a xenU kernel is done /only to make the 
kernel smaller/.  It doesn't have any effect on security or privilege. 
Actually, most distributions seem to now supply one -xen kernel that is used 
both in dom0 and domU. 
This is because, as Derek mentioned, Xen enforces the privileges of guests 
itself and doesn't have to trust their kernels.  This is different to how 
User Mode Linux works, since in that system the kernel itself enforces the 
virtual machine boundaries.  You can securely run any kernel you want in a 
domU - even one supplied by the user - because Xen will contain it. 
Cheers,
Mark
 
At present, there is no way to do this with xm. In the hypervisor,
each struct domain has an is_privileged attribute (which is at present
only set when dom0 is created at boot). You could add a domctl to
control the setting of this bit, and then write a small C program that
uses do_domctl from libxc to set the privilege on a domain.
However, simply running two privileged domains with parallel sets of
Xen tools is unlikely to work, for example because you will end up
with two instances of XenStore.
Regards,
Derek Murray.
2008/6/13 ruby young <yangyang@xxxxxxxxxxxxxxx>:
 
Hi all,
    I'm using vmlinuz-2.6.18-xen0 as the domU kernel and I boot it via xm
create. But the kernel didn't panic; it's running, but all of the Xen tools
cannot work. I am surprised at this.
    Now my question is whether I can boot a privileged dom like dom0 via xm
create, and how can I do it?
    I am looking forward to your suggestions.
Best wishes
Ruby Young
--
Yang Yang
Institute of Computer Architecture and System
BeiHang University(BUAA)
Tel: (86-10)82338059-132
Email: 9907yruby@xxxxxxxxx
Addr: Room 1026,Building G,The New Main Building,37# Xueyuan Rd.,Haidian
District, Beijing 100083, PRC
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel