[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Re: Access Hypervisor Control from DomU

Am Donnerstag, den 30.03.2006, 08:08 -0500 schrieb Sean Dague:
> On Thu, Mar 30, 2006 at 07:43:47AM +0200, Stephan Seitz wrote:
> > My question, is it possible to investigate this behaviour (and
> > ideally, xm destroy / create) from one of the live domU's ? I know,
> > this would be a security issue, but is there _any_ access back to the
> > dom0 like the xm console from dom0 to domU's ?
> For exactly the reasons you stated (security), the answer is no.

I remember reading that the only real difference between a dom0 and a
domU kernel is the priviledge to have access to the hypervisor. Why not
declaring a special domU to a "fallback" dom0? Not in the sense of
having access to hw but control over the hypervisor.

That would help if the original dom0 userland dies, but it's kernel
keeps forwarding/bridging packets and blockdevice-I/O, like Stephan's
dom0 did.


Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.