
Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)

> Thank you! Which approach do you consider the most secure in order to protect
> a user's file system from another. In other words, which solution is most
> resistant against hacking? How is Xen designed to maintain the security
> between different users? 

The "backend" block driver in dom0 does checks to see if a domain is allowed 
to access a given part of a block device.  These checks are the same no matter 
whether you use a loopback device, ordinary partition, LVM or some other block 
device: they're all equally secure.  There are no known ways for a domain to 
circumvent this.  Use whichever kind of storage suits your needs best.

It should never be possible for a domain to circumvent these checks unless the 
domain is privileged (i.e. for driver domains or admin purposes, this is NOT 
the usual case).

The only disk sharing between domains is explicit: i.e. if you give them both 
rights to access the same areas of disk in their config files.  This is not 
usually a good idea, unless it's read only for both of them.
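
The explicit-sharing rule above can be audited across a set of domain config files. The following is an added example, not part of the original message or of Xen's own tooling: it assumes xm-style `disk = ['backend:device,frontend,mode']` entries, and the config names and devices are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configs (hypothetical domain names and devices).
SAMPLE_CONFIGS = {
    "alice.cfg": "name = 'alice'\ndisk = ['phy:vg0/alice,sda1,w', 'phy:vg0/shared,sda2,r']\n",
    "bob.cfg": "name = 'bob'\ndisk = ['phy:vg0/bob,sda1,w', 'phy:vg0/shared,sda2,r']\n",
    "carol.cfg": "name = 'carol'\ndisk = ['file:/img/carol.img,sda1,w', 'phy:vg0/bob,sdb1,w']\n",
}

DISK_LIST = re.compile(r"^\s*disk\s*=\s*\[(.*?)\]", re.S | re.M)
DISK_ITEM = re.compile(r"""['"]([^'"]+)['"]""")

def parse_disks(text):
    """Return (backing_device, mode) pairs from a config's disk list."""
    m = DISK_LIST.search(text)
    if not m:
        return []
    disks = []
    for spec in DISK_ITEM.findall(m.group(1)):
        parts = [p.strip() for p in spec.split(",")]
        if len(parts) != 3:
            raise ValueError(f"unexpected disk spec: {spec!r}")
        backing, _frontend, mode = parts
        disks.append((backing, mode))
    return disks

def find_shared(configs):
    """Map each backing device used by more than one domain to its users,
    and mark it unsafe if any of them has write access."""
    users = defaultdict(list)
    for cfg, text in configs.items():
        for backing, mode in parse_disks(text):
            users[backing].append((cfg, mode))
    report = {}
    for backing, entries in users.items():
        if len({cfg for cfg, _ in entries}) > 1:
            # Any mode other than plain "r" is treated as writable.
            unsafe = any(mode != "r" for _, mode in entries)
            report[backing] = {"users": sorted(entries), "unsafe": unsafe}
    return report

if __name__ == "__main__":
    for backing, info in sorted(find_shared(SAMPLE_CONFIGS).items()):
        status = "WRITABLE SHARE" if info["unsafe"] else "read-only share"
        print(f"{status}: {backing} -> {info['users']}")
```

The check compares backing device strings exactly, so two names for overlapping storage (a whole disk and one of its partitions, or different paths to the same volume) are not detected and need separate review.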

