
Re: [Xen-devel] NFS and interface security



> Two Xen features I like very much:
> - Virtual domains can't see each others' traffic via 'tcpdump', which
>   means that, for instance, guests using NFS root partitions are
>   relatively isolated from each other on the wire. 
> - In a virtual domain, I can't simply 'ifconfig eth0:1 ip.on.my.lan' and
>   expect it to route; i.e. virtual domains can't steal IP addresses.
> 
> Kudos to whoever made this work right.  Am I correct in my
> interpretations here?  I.e. is this as secure as it looks?

Xen is intended to provide secure isolation; your observations
are correct.
 
> There's a note in TODO that says "The current virtual firewall/router is
> completely broken."  Is this still valid?

Things will be even better in the next version of the VFR ;-)
We will have L4 routing support to enable safe IP address sharing
(think RSIP).

Ian

