[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Building domains as a lesser user (was Re: [Xen-devel] boot loaders for domain != 0)
Anthony Liguori wrote: Jacob Gorm Hansen wrote:The current architecture of Xen requires that we trust whatever is running in Domain-0. The problems being cited wouldn't be a problem if you could create domains from unpriviledged Domains because you could have creator Domains who could be created from a trusted source and used as a buffer against attack.Anthony Liguori wrote: If we trust Linux to enforce security, we do not need Xen at all ;-) If you start having domains that can create other domains, IPC, shared memory between domains, all that, you have essentially turned Xen into a microkernel, and you start having all sorts of funny issues like access control, domain ownership, QoS crosstalk and whatnot. And in ten years from now someone will have to invent a new VMM layer to put below Xen only to get another fresh start. I am sure the original UNIX also seemed elegant at first, in the days when it didn't have 250+ different syscalls... Jacob ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |