WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Enabling domU to create other domUs

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] Enabling domU to create other domUs
From: "Hayawardh V" <hayawardh@xxxxxxxxx>
Date: Tue, 8 Jul 2008 22:45:34 -0400
Delivery-date: Tue, 08 Jul 2008 19:45:57 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=iUHxm7yLlfSR1r86ckamfgXn1IIUDkqfRww2/J7j9Nw=; b=cCfbGMrRo4dccVEMtuaUNbylR2h4DsT9LVgF+pEfoncjBUVTbD/uj4mpJsbwa6Cls9 dyZ0UvNeXjnVX8zToJZ9i9j2HDibPzbbDC1Lljutq+oq2q8RxyPRdVcm8+7b54VPMZK8 tgX/ufQDbSU0eiYTuLHIpHyF8dkaKso5W7ZRE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=xKK68g39Mhkt4qmQlGX6XMKOyTYlFCTAG82Bq6nFiW29bChu//6BDt1glCCmie7Thm 0PIRipbLihfVNez05lHUfvOzZ9rp7uBdNgyP4+gagCPNaxMfdqPS9n42XPEIJhx+KG1a MN7ozj7CZJai7Iv7XURQ/ML5UhEfWdEehInVk=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <617dbaa80807080925l85f43bfje39e15bb22954b70@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <68f1f87c0807071014y69c3d573y2ef0d6c487371710@xxxxxxxxxxxxxx> <617dbaa80807080925l85f43bfje39e15bb22954b70@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx


On Tue, Jul 8, 2008 at 12:25 PM, Derek Murray <Derek.Murray@xxxxxxxxxxxx> wrote:
Hi Hayawardh,


If you did make your DomU privileged, this would make it privileged
over all domains, which requires you to trust each DomU with this
privilege. This is probably not acceptable from a security
point-of-view. If you had the inclination, you could probably conjure
up a Xen Security Module that enforced hierarchical privilege, but you
would probably still have to modify the tools.

This is exactly what I have in mind. Can you just give me a few additional pointers of what needs to be done with the tools, and the hypervisor?

Thanks a lot!

If you simply want to be able to create domains from a DomU, have you
considered installing xm in that domain and configuring it to use the
instance of xend that runs in Dom0?

Regards,

Derek Murray.

On Mon, Jul 7, 2008 at 6:14 PM, Hayawardh V <hayawardh@xxxxxxxxx> wrote:
> Hi,
>
> What changes would have to be made if I wanted to have a domU create VMs?
> I tried installing the xen tools into a domU rootfs image, and then booted
> the domU. However, xend refuses to start inside the domU.
>
> I realise the changes might be extensive, but I just want an idea of what
> needs to be done.
>
> Also, I find that hardcoded checks like
> if (current-> domain->domain_id != 0)
> return -EPERM
> are extremely few in the current hypervisor.
>
> Regards,
> Hayawardh
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel