|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] stubdomains vs dm_restric
Hi All. I'm playing around with xen 4.12 on linux v5. I hvae some windows 10 domus running in stubdomains. I was satisfied with them, so far. In xen 4.12 dm_restrict came into the game, and I'm wondering which solution is more secure. Due to as per my current understanding, both solutions had been mainly invented to increase HVMs (Windows guests) security. Stubdomains at this stage however seemes to be more mature and a better approach for me. stubdomains ar erunning a minios and that runs in a root process on the host, while dm_restrict runs on the full-blown qemu but un non-root user accounts. I have a feeling, that for a non-friendly guest braking out a stubdomain seemes to more complicated (having less attack vector) then a dm_restrict. Anyone has some ideas please? -- Éliás Tamás Thomas Elias ETIT[nwpro] KFT, Ügyvezető-Hálózatbiztonsági specialista ETIT[nwpro] Ltd, General Manager-Network security specialist Tel. HU: +36/30-497-1626 OpenPGP pubkey: http://etit.hu/doc/et-pub.asc Okleveles mérnök-informatikus (MSC) Master of Science in Information Technology (MSC) Licenced Penetration Tester (TM15-047) Kapcsolat: http://etit.hu/index.php/hu/kapcsolat Jogi nyilatkozat: http://etit.hu/disclaimer-email-hu.txt Contact: http://etit.hu/index.php/en/contact Disclaimer: http://etit.hu/disclaimer-email-en.txt Attachment:
pEpkey.asc _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |