
Re: [Xen-devel] protecting xen startup



can i run an xserver in a separate guest OS and still allow the guest
OS direct access to the screen?

how is that done - via a framebuffer drive?

tellmetellme!!!!

There was a very brave chap who had a second PCI graphics card and a second PCI USB controller, which he had given a domain (!=dom0) privileges to access and was trying to persuade X to run. I'm not sure how far he's got now but it's not straightforward.

If I'm not mistaken, you can start up new VMs only from domain0 or
through the HTTP interface, so you can easily firewall all traffic inside
domain0 to local port 8000 (except for 127.0.0.1/32).

yeh, *grumble*, and you can also, in SELinux, ban applications from
accessing a port.

Well by setting Xend to only receive connections from localhost and then applying SELinux, you can at least restrict access to the control interface to root...

Cheers,
Mark
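
Added example, not part of the original message: a check that the control port mentioned above (8000) is only listening on loopback, by parsing text in the /proc/net/tcp layout. The sample table is constructed, and the decoder assumes a little-endian host (as on x86); the function names are hypothetical.

```python
import ipaddress
import struct

XEND_PORT = 8000   # control port named in the thread
TCP_LISTEN = 0x0A  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (little-endian host), not real output.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0A00A8C0:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0A00A8C0:1F40 0500A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the 32-bit address in host byte order (assumed little-endian).
    packed = struct.pack("<I", int(hex_ip, 16))
    return ipaddress.IPv4Address(packed), int(hex_port, 16)


def exposed_listeners(proc_net_tcp, port=XEND_PORT):
    """Return local addresses listening on `port` that are not loopback."""
    exposed = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        ip, local_port = decode_addr(cols[1])
        if int(cols[3], 16) != TCP_LISTEN or local_port != port:
            continue  # established connections and other ports are not listeners
        if not ip.is_loopback:  # 0.0.0.0 (all interfaces) counts as exposed
            exposed.append(str(ip))
    return exposed


if __name__ == "__main__":
    for addr in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"port {XEND_PORT} is listening on non-loopback address {addr}")
```

On a real host, pass the contents of /proc/net/tcp instead of the sample; an empty result means only loopback listeners were found for IPv4.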


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 

