|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] protecting xen startup
can i run an xserver in a separate guest OS and still allow the guest OS direct access to the screen? how is that done - via a framebuffer drive? tellmetellme!!!! There was a very brave chap who had a second PCI graphics card and a second PCI USB controller, which he had given a domain (!=dom0) privileges to access and was trying to persuade X to run. I'm not sure how far he's got now but it's not straightforward. If I'm not mistaken, you can start up new VMs only from domain0 or through HTTP interface, So you can easily firewall all traffic inside domain0 to local port 8000 (except for 127.0.0.1/32).yeh, *grumble*, and you can also, in selinux, ban applications from accessing a port. Well by setting Xend to only receive connections from localhost and then applying SELinux, you can at least restrict access to the control interface to root... Cheers, Mark ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users.Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |