[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)
> Thank you! Which approach do you consider the most secure in order to protect > a user?s file system from another. In other words, which solution is most > resistant against hacking? How is Xen designed to maintain the security > between different users? The "backend" block driver in dom0 does checks to see if a domain is allowed to access a given part of a block device. These checks are the same no matter whether you use a loopback device, ordinary partition, LVM or some other block device: they're all equally secure. There are no known ways for a domain to circumvent this. Use whichever kind of storage suits your needs best. It should never be possible for a domain to circumvent these checks unless the domain is privileged (i.e. for driver domains or admin purposes, this is NOT the usual case). The only disk sharing between domains is explicit: i.e. if you give them both rights to access the same areas of disk in their config files. This is not usually a good idea, unless it's read only for both of them. HTH, Mark ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id040&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |