This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] Disable QEMU monitor in HVM domains

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Disable QEMU monitor in HVM domains
From: "Rik v. A" <rikratva@xxxxxxxxx>
Date: Tue, 30 Dec 2008 13:43:21 +0100
Delivery-date: Tue, 30 Dec 2008 04:43:59 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type:content-transfer-encoding :content-disposition; bh=cDkae0uc6OrShTtNbLy1NZhv3/XCUNwfcN4nTwNcZf8=; b=J3XyUFOabitTjexVWlV6Sis4JEmayWXRWgQEc7mmpsdavaqZhTO/1elF5FIbGvbGJL 0fiZ6z6qTmA2ZyH6uWXiv+ZdgKk1cuezhC6cG9PIiYTWiRja7ijKSCGCtE6VvJM6qDdz vNmy/EIACfGyYO3AbFvC9j1XD6vrCv3DMlYzU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition; b=U/incOSzW152hdF1kQSF8QtAI9+1b08i1nBmspsDHe06YjH2ZCa285wLGinW8TLKqg YTISRkNiuj1+dWocXXdzl/NTbwNbN9t4Z534hQdvd4NIYNaSZTdWB1WAMKSyIyTzyoSk iQyX02DPpkWTjr5RgRgx8KYYKMzRe5FZcgoMA=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx

I use Xen 3.3, installed from sources. I run a few HVM domains for
clients. QEMU is also from the Xen 3.3 source package.

It seems that the QEMU Monitor is *by default* accessible via the VNC
interface (CTRL+ALT+2) on these domains. I did some research on
Google, and it seems that most people say that it has been disabled by
default since an earlier Xen/QEMU branch.

I am using more or less the default out-of-the box configuration, with
few options changed.
This is of course a big security risk. The monitor should be disabled
by default, and it clearly isn't.

I can't seem to disable it either. I tried options "monitor=0" and
such in the domain configurations, but there's no difference.

I would really, really, really like to change this behavior!

Kind regards,

Xen-users mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] Disable QEMU monitor in HVM domains, Rik v. A <=