Re: [Xen-users] another question about kernel...

To: xen-users@xxxxxxxxxxxxxxxxxxx, Luca Sacchi <luca.sacchi@xxxxxxxxx>
Subject: Re: [Xen-users] another question about kernel...
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Tue, 17 May 2005 15:13:39 +0100
> in a post named "[Xen-users] Openswan and Xen DomainU" I see a strange
> thing: a kernel for dom0 used as domU.
> How can it work? Why? What differences are between dom0/domU kernels?

In addition to the core Linux code, the xen0 kernel includes all the code for 
talking to Xen, the code for Xen virtual devices, plus drivers for real 
hardware devices, plus code to manage and support other domains.

The xenU kernel includes just the core Linux code, code for talking to Xen and 
code for Xen virtual devices.  It doesn't include the other stuff, so it's 
smaller.

Apart from the size, there's no functional difference, though: if you boot a 
xen0 kernel in a domU, the following happens:
* it probes for real hardware and finds it doesn't have access to any, so 
those device drivers don't start
* it probes for its privilege level and finds it's not allowed to manage other 
domains, so it doesn't start the various privileged interfaces that dom0 runs

Essentially, it behaves as a domU kernel would.  Xen enforces these 
restrictions so that *even if* it tried to start these drivers and privileged 
interfaces, it would not be able to.

You can actually let a user run *any* kernel they want in a domain without 
security implications to the rest of the machine (unlike UML, for instance).

Cheers,
Mark

>
> regards
>
> Luca
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
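
The privilege probe described in the reply can be observed from inside a running domain. The following is an added example, not part of the original message or of the Xen project's code. It assumes the `/proc/xen/capabilities` and `/sys/hypervisor/type` interfaces exposed by later Xen-enabled Linux kernels (neither is named in the message), and `xen_domain_role` is a hypothetical helper name.

```shell
#!/bin/sh
# Report whether the running kernel was granted control-domain privileges by Xen.
# Usage: xen_domain_role [CAPS_FILE] [HYP_TYPE_FILE]
# Prints one of: dom0, domU, not-xen
# Assumption: the default paths are those of later Xen-enabled Linux kernels.
xen_domain_role() {
    caps_file="${1:-/proc/xen/capabilities}"
    hyp_file="${2:-/sys/hypervisor/type}"

    # "control_d" is listed only when Xen granted this domain the right to
    # manage other domains, whatever kernel image was booted in it.
    if [ -r "$caps_file" ] && grep -qw 'control_d' "$caps_file"; then
        echo dom0
        return 0
    fi

    # The file exists but carries no control_d flag: an unprivileged guest.
    if [ -r "$caps_file" ]; then
        echo domU
        return 0
    fi

    # xenfs not mounted: fall back to the hypervisor type reported in sysfs.
    # Without the capabilities file the domain is reported as unprivileged.
    if [ -r "$hyp_file" ] && [ "$(cat "$hyp_file")" = "xen" ]; then
        echo domU
        return 0
    fi

    echo not-xen
    return 0
}

# Run against the live system when executed directly.
xen_domain_role "$@"
```

A xen0-style kernel booted as a guest would report `domU` here, because the result reflects what the hypervisor granted rather than what the kernel image contains.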
