WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

[Xen-users] XCP - untrusted domUs?

To: "Xen User-List" <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-users] XCP - untrusted domUs?
From: "Matthew Law" <matt@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Feb 2010 12:32:44 -0000
Our ongoing experiments with XCP have been encouraging - still struggling
with Debian Lenny install and my question from last week didn't get
answered - hint, hint! ;-)

Anyway, does XCP have any native support for iptables and ebtables rules?
- what I mean is, we currently use Xen 3.4.2 on CentOS and roll our own
iptables and ebtables rules to prevent IP spoofing and also _try_ and
prevent DHCP requests being answered by DHCP servers other than our own.

This has an overhead in that every time we install and upgrade a dom0 we have
to also clone the config and associated dependencies.  It would be really
cool if this kind of thing 'just worked'.  It would be even cooler if it
was configurable in the domU config file.  For us this kind of thing is
very important when hosting untrusted domUs.  We also prefer pvgrub
as well, but that wouldn't be a deal breaker.

Does XCP support anything like this? - I know it is basically CentOS, so
in theory one could roll their own config, but that would take away
somewhat from the simplicity of it all.

Thanks,

Matt
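
One way to express the per-guest anti-spoofing and rogue-DHCP filtering described in the message, as an added example that is not part of the original post or of XCP: a shell function that prints ebtables rules for one guest's vif so they can be reviewed before being applied. The vif name, MAC and IP address are constructed values, and the rule set uses ebtables only and assumes bridged networking in dom0.

```shell
#!/bin/sh
# Added example: print (not apply) per-vif anti-spoofing rules for review.
# The vif name, MAC and IP used in the sample call are constructed values.

valid_mac() { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }

valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

vif_guard_rules() {
    vif=$1 mac=$2 ip=$3
    # Reject anything that is not a plain vif name, MAC or IPv4 address,
    # so the printed rules can never contain shell metacharacters.
    printf '%s\n' "$vif" | grep -Eq '^vif[0-9]+\.[0-9]+$' || { echo "bad vif: $vif" >&2; return 1; }
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "bad IP: $ip" >&2; return 1; }
    # INPUT covers frames addressed to dom0 itself, FORWARD frames bridged onward.
    for chain in INPUT FORWARD; do
        r="ebtables -A $chain -i $vif"
        # 1. Source MAC must be the one assigned to this guest.
        echo "$r -s ! $mac -j DROP"
        # 2. The guest must never answer as a DHCP server (UDP source port 67).
        echo "$r -p IPv4 --ip-proto udp --ip-sport 67 -j DROP"
        # 3. Allow the guest's own DHCP client broadcast from 0.0.0.0.
        echo "$r -p IPv4 --ip-src 0.0.0.0 --ip-proto udp --ip-sport 68 --ip-dport 67 -j ACCEPT"
        # 4. Any other IPv4 packet must carry the assigned source address.
        echo "$r -p IPv4 --ip-src ! $ip -j DROP"
        # 5. ARP must advertise only the assigned MAC and IP.
        echo "$r -p ARP --arp-mac-src ! $mac -j DROP"
        echo "$r -p ARP --arp-ip-src ! $ip -j DROP"
    done
}

# Sample call with constructed values; apply the output only after reviewing it.
vif_guard_rules vif12.0 00:16:3e:aa:bb:cc 192.0.2.10
```

Rule order matters: the DHCP client exception (3) has to precede the source-address drop (4), and the rogue-server drop (2) has to precede both.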

