|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Trace domU's process file access by/inside Xen
Hello. El 03/04/13 08:30, Winai Wongthai escribió: By using or inside Xen itself not dom0 or domU, In short, no. Nothing can be done within Xen intself.Please note that the storage (ant the networking) resources are offered to DomU's not by the hypervisor itself, but by Dom0. Now that I mention it, it is possible to set up a "stub domain" in order to give this job to a less privileged domain, but it still stays within a virtual machine, not within the hypervisor itself. Beside, any control interaction with Xen hypervisor has to be done via Dom0. Obviously, a interaction between Dom0 and the hypervisor takes place, while exporintg resources to DomU, but it is very low level, and would require heavy hypervisor hacking to get into it. In short, no, as far as I know. The way you intend to do it is rather complex.it is possible that I can trace which domU's process reads, writes, opens, or closes ( system call number 3-6 ) a particular file inside domU itself? Theoretically, you could monitor DomU's disk access from Dom0. What you could actually see would not be FS system calls, but blocks read and write, because it's a low level block device what is exported to the DomU. If intercepted, (again, theoretically) it would be possible to parse those reads and writes, and find out what's going on inside using some technique similar to networking Deep Packets Inspection (take raw data, look for patterns, compare to templates). If you intend to audit your FS access, the place to do it is the DomU itself. Auditd utility seems to be the right tool, never used it myself. http://linux.die.net/man/8/auditd Greetings. -- Alexandre Kouznetsov _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |