This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] Re: Users can provide their own kernels?

Mark Williamson wrote:
Using the kexec approach, there'd be a bootloader kernel in dom0 that initially runs in the domain, mounts the FS and finds the appropriate files. Kexec is then used to jump into execution of a kernel from the guest filesystem. Thus the bootloader runs in the domU *and* the guest kernel is in the domU filesystem.

The second approach is a bit more complicated to implement (from a developer PoV) but does have the advantages that all access to the guest filesystem occurs in an unprivileged domain and that it can immediately support all filesystems Linux will support. *however* this will arguably be most important to people who are a) paranoid about security (highly untrusted guests) or b) use really weird filesystems ;-)

This is very disconcerting to someone who was looking at renting out domU space on a Xen machine.

Will there be options to prevent a domU that booted a dom0 kernel from accessing xend? I'd hate for an abusive user to balloon all the other domUs to 16MB RAM and balloon themselves to 1GB RAM, play with scheduling parameters, or randomly kill off other domUs.

If this is controlled by ip/mac or other magic, please let me know and we'll just forget I asked...

Andrew Thompson

Attachment: andrewkt.vcf
Description: Vcard

Xen-users mailing list