Xen project Mailing List

Re: [Xen-users] IP blocking

From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>

Date: Mon, 06 Aug 2007 20:54:14 +0100

Delivery-date: Mon, 06 Aug 2007 12:51:34 -0700

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding; b=K6PQ2o5LyR7RfH9dZStnTlh/xB/mT1g/mXjXDCS5VGRb1X7Dg3ANeE0lU/bTIyrwn6Qcj1Y20acFiGpTvjMjaXmJVFzL56JOQx38SDMUCzzaYxIYu+88124NhJB9b3nHMxqp1kfi5OZ+nnqmeZh+l6nbH25bkDPRss730SySgSI=

List-id: Xen user discussion <xen-users.lists.xensource.com>

shacky wrote:

Hi.

How I can assing a given IP address to a given domU and force the user
of that domU to use that IP address and not all other?
I don't want the user to change the IP address of his virtual machine
in /etc/network/interfaces with one ore more IP addresses which are
not assigned to him.
In addition I don't want the user to create more virtual interface
(eth0:x) than he is allowed to use (I allow each domU to have only two
IP addresses).

This isn't really a Xen issue: it's a "someone has root on a machine in

my cluster" issue.

You can try to outsmart them by upstream switch programming, firewall

setups, local configurations, etc. Or you can save trying to implement

that in complex new configurations and monitor the "xm list -l" XML

based output for forbidden configurations, and slap down any domain you

catch misbehaving this way.

At least, that's how *I'd* do it.... _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

References:

[Xen-users] IP blocking
- From: shacky

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.