[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Building domains as a lesser user (was Re: [Xen-devel] boot loaders for domain != 0)

Anthony Liguori wrote:
Jacob Gorm Hansen wrote:

Anthony Liguori wrote:

If we trust Linux to enforce security, we do not need Xen at all ;-)

The current architecture of Xen requires that we trust whatever is running in Domain-0. The problems being cited wouldn't be a problem if you could create domains from unpriviledged Domains because you could have creator Domains who could be created from a trusted source and used as a buffer against attack.

If you start having domains that can create other domains, IPC, shared memory between domains, all that, you have essentially turned Xen into a microkernel, and you start having all sorts of funny issues like access control, domain ownership, QoS crosstalk and whatnot. And in ten years from now someone will have to invent a new VMM layer to put below Xen only to get another fresh start. I am sure the original UNIX also seemed elegant at first, in the days when it didn't have 250+ different syscalls...


This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.