> I have a question about isolation and security guarantees Xen
> provides, if any, in cases when domU guests are not completely
> that is, can be malicious. Right now I am specifically interested in
> scenario where all guests are paravirtualized, but HVM case is of some
> interest too.
> Say, I want to let my users run their own guests on a Xen host
> I own. Users will bring their own disk images. I don't completely
> users. Does the use of Xen guarantee that malicious guests will be
> to harm other guests or the entire host in any way (for example, kill
> entire host)? It is interesting to know both what is guaranteed in
> (that is, if Xen and dom0 work as designed) and how things go in
> If I disallow users to use their kernels, that is, if I run
> with my own kernel(s) only, will that improve the situation? How about
> loadable kernel modules? If I allow Linux guests to load their custom
> kernel modules, will that nullify the effect of using trusted kernels?
> I currently use Xen 3.1.4, if that matters.
When developing the Windows GPLPV drivers I crashed my Dom0 (and
therefore all DomUs) on a few occasions. That was under 3.0.3, 3.0.4,
and possibly some early 3.1.x versions of Xen. As crashing was the exact
opposite of what I was trying to do, I didn't pursue it, but obviously
it has been possible in the past to cause a crash by doing something
wrong in the PV side of things.
Is there a limit on the amount of data you can write to the xenstore?
Overflowing some limit in xenstore could be one method of causing a
Xen-users mailing list