|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable
Steven Timm wrote: > And I am trying to figure out what other > people like myself are doing--namely those who need to keep > Xen 3.1.0 plus some kind of redhat working together and security-patched. > Is there anyone on this list who has such a setup working at the moment? > > > I'm learning a lot from this discussion and appreciate everyone's > help, but hopefully someone can point me to a solution of the form > "here is > what I did and it works" rather than "maybe this will work." > >> >>> I understand that a xen 3.0.3-compiled kernel could be a domU in this >>> setup but not a dom0. Is this understanding wrong? >> >> It definitely couldn't be a dom0. >> I'm using xen.gz and xen userland from Xen-3.1 (compiled from a modified RHEL's xen .src.rpm), together with RHEL5's kernel-xen (3.0.3) for dom0, with solaris and WinXP HVM domU, and it works. This way I have to maintain xen rpm manually (including fixing it for CVE-2007-4993, for example), but at least I can use RH's kernel rpm. I chose this approach because : - I want to use something with a long support lifetime for both dom0 and domU, so Fedora is not an option. - I have little need for Xen 3.1. Most of my servers can run happily on RHEL5/Xen 3.0.3, so manually updating a small number of server is acceptable. If you want vendor-maintained xen and kernel, you could use Fedora 7 (or whatever distro that ships with Xen 3.1) for dom0, and have RHEL5 for domU. Of course, given the limited lifetime of Fedora, you should also prepare to upgrade your dom0 with the next Fedora/RHEL when its released. Regards, Fajar _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |