[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Re: Access Hypervisor Control from DomU

  • To: XEN User - listmembers <xen-users@xxxxxxxxxxxxxxxxxxx>
  • From: John Smith <netman1@xxxxxxx>
  • Date: Thu, 30 Mar 2006 18:57:03 +0200
  • Delivery-date: Thu, 30 Mar 2006 16:58:52 +0000
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Nils Toedtmann wrote:
Am Donnerstag, den 30.03.2006, 08:08 -0500 schrieb Sean Dague:

On Thu, Mar 30, 2006 at 07:43:47AM +0200, Stephan Seitz wrote:

My question, is it possible to investigate this behaviour (and
ideally, xm destroy / create) from one of the live domU's ? I know,
this would be a security issue, but is there _any_ access back to the
dom0 like the xm console from dom0 to domU's ?

For exactly the reasons you stated (security), the answer is no.

I remember reading that the only real difference between a dom0 and a
domU kernel is the priviledge to have access to the hypervisor. Why not
declaring a special domU to a "fallback" dom0? Not in the sense of
having access to hw but control over the hypervisor.

That would help if the original dom0 userland dies, but it's kernel
keeps forwarding/bridging packets and blockdevice-I/O, like Stephan's
dom0 did.



        if this would be a problem you would have to deal with in the
real world, you would have a identical box on another location and move
the domU's to it and reboot the problem box.



Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.