WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] working xen domU kernel with PHYSDEV_ACCESS?

To: Czakó Krisztián <slapic@xxxxxxxxxxx>
Subject: Re: [Xen-users] working xen domU kernel with PHYSDEV_ACCESS?
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Mon, 2 May 2005 18:40:00 +0100
Cc: Xen Users Mailing List <xen-users@xxxxxxxxxxxxxxxxxxx>
> On Mon, 2005-05-02 at 18:19, Mark Williamson wrote:
> > You should just be able to use the dom0 kernel itself - have you tried
> > that?
>
> That works. Ok.
> I think I've misunderstood something in the docs/list archives.
> As I understand, the privileged guest (dom0 kernel) has full privileges
> to the xen command interface (so that can manage domains)

Yes, dom0 has those privileges.  This is, however, *independent* of the kernel 
image it uses.  The PRIVILEGED_GUEST option compiles a kernel that knows 
*how* to access the privileged control interface.  Unless Xen gives it this 
privilege, it still won't be able to manage domains.

Thus, using a xen0 kernel in a domU does not in any way imply reduced 
security.  In fact, from a security PoV it doesn't matter what kernel you use 
in a guest domain - the worst a guest can do is allow *itself* to be 
compromised.  It's not a risk to the rest of the machine to allow users to 
compile their own kernels.

> and is a 
> backend for other domains. The docs also say that a block device
> backend can't be a block device frontend, so that can't use a device
> from another backend (the Domain-0 for example). But it seems that it
> can...

At the time, it was not possible for a domain to *actively* use both its 
backend driver and its frontend driver.  This is not true anymore in the 
unstable tree for network devices but is still true in the stable tree AFAIK.

There's no problem with a domain having both drivers compiled in, it just 
can't use them both at once.

> Can I disable the PRIVILEGED_GUEST option of the dom0 kernel when I want
> to use that one as a guest with physical device (some pci device)
> access?

You can if you want but if you give a guest physical device access, it'll 
still have (almost) dom0 privileges, you just won't be able to *use* the 
management interface (so easily) from userspace.  Don't let anyone you don't 
trust use this domain ;-)

Privileges for guests with physical device access will gradually get tightened 
up with the introduction of grant tables in the unstable / 3.0 tree.

Cheers,
Mark
