Rumor has it that on Mon, Mar 14, 2005 at 04:16:52PM +0100 Kurt Garloff said:
> On Mon, Mar 14, 2005 at 09:58:50AM -0500, Philip R Auld wrote:
> > Rumor has it that on Sun, Mar 13, 2005 at 10:51:22PM +0100 Kurt Garloff
> > said:
> > > Normally, you'd expect that only the sysadmin is able to control
> > > virtual machines. This would be the result of this simple tweak.
> > Which sysadmin? Dom0 sysadmin may not be the same as a vm's sysadmin.
> > You would not want a VM sysadmin to be able to manage someone else's VM,
> > but he may want control over his own.
> The most straightforward approach would be to have dom0 sysadmin to be
> the one in control of all the other domains.
That's not really ideal for a virtualized environment. Think of a hosting
setup for example. You'd really like to have the "hoster" control dom0, but
have roles that allow a vm sysadmin to control his domain. Console and
power/reset only perhaps, but still some xend access.
> Currently all dom0 users are, which is inconvenient, as machines that
> are used as desktops will need to have dom0 uers.
> Of course, the other domains can have their own root users. This is
> not changed by restricting control connections to be originating from
> ports < 1024.
I'm not arguing against that. I was just pointing out the difference in
roles needed. I think that will actually be orthagonal to protecting
xend itself. Make it secure first then carefully allow access for roles.
The tools will need to handle this permission I think.
> Kurt Garloff <kurt@xxxxxxxxxx> [Koeln, DE]
> Physics:Plasma modeling <garloff@xxxxxxxxxxxxxxxxxxx> [TU Eindhoven, NL]
> Linux: SUSE Labs (Director) <garloff@xxxxxxx> [Novell Inc]
Philip R. Auld, Ph.D. Egenera, Inc.
Software Architect 165 Forest St.
(508) 858-2628 Marlboro, MA 01752
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Xen-devel mailing list