
Re: [Xen-users] another question about kernel...



> in a post named "[Xen-users] Openswan and Xen DomainU" I see a strange
> thing: a kernel for dom0 used as domU.
> How can it work? why? what differences are between dom0/domU kernels?

In addition to the core Linux code, the xen0 kernel includes all the code for 
talking to Xen, the code for Xen virtual devices, plus drivers for real 
hardware devices, plus code to manage and support other domains.

The xenU kernel includes just the core Linux code, code for talking to Xen and 
code for Xen virtual devices.  It doesn't include the other stuff, so it's 
smaller.

Apart from the size, there's no functional difference, though: if you boot a 
xen0 kernel in a domU, the following happens:
* it probes for real hardware and finds it doesn't have access to any, so 
those device drivers don't start
* it probes for its privilege level and finds it's not allowed to manage other 
domains, so it doesn't start the various privileged interfaces that dom0 runs

Essentially, it behaves as a domU kernel would.  Xen enforces these 
restrictions so that *even if* it tried to start these drivers and privileged 
interfaces, it would not be able to.

You can actually let a user run *any* kernel they want in a domain without 
security implications to the rest of the machine (unlike UML, for instance).

Cheers,
Mark

>
> regards
>
> Luca
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
