[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] beginners question concerning security
> as I'm a real beginner I would be pleased if someone can answer a maybe > simple question. No probs, welcome to the community! > I'm looking for a virtaul server system to be used by diffrent entities. As > I heard from other solutions there are often (at least small) security > problems. > > Now I would like to know if it's (at least theoretical possible) that one > user from domU_a can access domU_b or even dom0. Nothing we know of. If there was, it'd be a bug and we'd be all over it, getting it fixed :-) In non-trivial software it's always possible such a bug exists but we're aiming to get high-assurance from the fact that Xen itself is relatively small and well-reviewed. > Btw, what makes the difference between dom0 and domU? Dom0 is privileged to access the real machine hardware and map other domain's memory. DomUs are only privileged to access their own resources - if they want to do IO, they have to ask dom0. This separation is enforced by Xen, so you can run whatever you want in a domU without compromising this privilege difference. It is safe to allow users to compile their own kernel, for instance. Btw, we supply a "xen0" kernel and a "xenU" kernel for XenLinux. The difference is that the xen0 kernel may run in *any* domain, the xenU kernel is smaller but can only run in a domU because it doesn't have the drivers for the "real" hardware. > Any hint would be apprecitated.. > > btw (I already read tfm :-)) Thanks, it's appreciated :-) Cheers, Mark _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |