RE: [Xen-users] Xen binary distrib's kernel as domU kernel 
> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:xen-users-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Ulrich Windl
> Sent: 11 January 2007 07:27
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-users] Xen binary distrib's kernel as domU kernel
> 
> On 10 Jan 2007 at 20:23, Sipos Ferenc wrote:
> 
> > Hi All,
> > 
> > just a quicky. Is it a security breach (by any means) if I run the
> > official XenSource e.g. vmlinuz-2.6-xen kernel as my domU kernel? I
> 
> AFAIK, openSUSE (SLES10) uses the very same kernel to boot Dom0 and DomUs. It's
> convenient if you think about kernel updates and kernel security fixes. However
> each DomU has its own copy of the kernel that's used to boot the DomU.
> 
> Never had an unsafe feeling with that.

I agree. The "safety" of DomU vs. Dom0 doesn't come from the
configuration of the kernel - it's the Xen hypervisor that knows if a
domain is Dom0 or DomU that makes it safe - and no matter what kernel
you load, DomUs will still not be able to do things they shouldn't,
since Xen itself will prevent it. Well, ok, so xend and some other tools
will also be involved in determining what gets set up for the kernel,
which in turn enables/disables some of the features, but those decisions
are still based on the information from the hypervisor when the Domain
is started - there can only be one Dom0.
--
Mats
> 
> Ulrich
> 
> 
> > mean, this has the 'Privilege domain' option compiled in (as the very
> > same one runs under the dom0 itself) as well as the {net,block}-backend
> > drivers?
> > 
> > I'm using it in a potentially malicious environment (VPS hosting) and I
> > want to make sure no one can tamper with system from a domU the way that
> > is not desirable.
> > 
> > Thanks for your time in advance,
> > Frank
> > 
> > 
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users