
Re: [Xen-devel] Really really small xen0



On Mon, Nov 08, 2004 at 09:51:12AM -0500, Barry Silverman wrote:
> I was wondering if anyone has made a really minimal xen0 image. By this
> I mean an image that doesn't have much more than the kernel (f/e and b/e
> drivers linked in), and run from a crom or squashfs filesystem, and a
> minimal set of tools running in a busybox-like init process. 

I've had good luck with similar projects using the uClibc buildroot kit,
which is intended for making tiny root filesystems for embedded systems
but also works with x86 PC systems.  There's not much documentation for it
but see the CVSweb at <http://www.uclibc.org/cgi-bin/cvsweb/buildroot/> to
see what it comes with.  It can make an initrd that will boot with exactly
the software you want to run and a tmpfs for /tmp, /var and so on, but no
changes to the filesystem can be saved.  It comes with build scripts for
Python and bridge-utils, but you'd have to add Twisted and the XEN tools.

I secure my dom0 by only making it accessible over the console/serial port
and not even giving it an IP address (except on the loopback IF).  It acts
as a layer-2 bridge only.  This is still vulnerable to security bugs in
the hypervisor and VBD/VIF data paths, of course, but it's much better
than the typical config.  -Nathan
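
One way to verify the setup described in the message above (no IP address on anything but the loopback interface), as an added example that is not part of the original post. It assumes iproute2's `ip -o addr show` output format; the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit that only the loopback interface carries an IP address.
# Input is `ip -o addr show` output (iproute2), one address per line:
#   "<idx>: <ifname> <family> <addr>/<prefix> ..."

# Print "<ifname> <family> <addr>" for every address not on loopback.
# Reads `ip -o addr show` output on stdin.
addressed_ifaces() {
    awk '
        { ifname = $2; sub(/@.*/, "", ifname) }   # strip an "@parent" suffix if present
        ifname != "lo" && ($3 == "inet" || $3 == "inet6") {
            print ifname, $3, $4
        }'
}

# Return 0 when nothing but loopback is addressed, 1 otherwise.
# IPv6 link-local (fe80::/10) addresses are reported too: the kernel can
# assign them automatically, and they still make the host reachable on
# the bridged segment.
audit_dom0_addresses() {
    found=$(addressed_ifaces)
    if [ -n "$found" ]; then
        echo "interfaces with IP addresses (expected none besides lo):" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample: a NIC with an auto-assigned link-local address and a
# bridge that was given an IPv4 address by mistake.
SAMPLE_BAD='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet6 fe80::216:3eff:fe00:1/64 scope link
3: br0    inet 192.0.2.10/24 brd 192.0.2.255 scope global br0'

# Constructed sample: the intended state, loopback only.
SAMPLE_GOOD='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet6 ::1/128 scope host'

# Demonstration on the constructed input (prints the two offending lines).
printf '%s\n' "$SAMPLE_BAD" | addressed_ifaces

# Live use from the dom0 console:  ip -o addr show | audit_dom0_addresses
```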
