[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Enabling domU to create other domUs


  • To: "Ian Jackson" <Ian.Jackson@xxxxxxxxxxxxx>
  • From: "Hayawardh V" <hayawardh@xxxxxxxxx>
  • Date: Thu, 10 Jul 2008 08:46:11 -0400
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 10 Jul 2008 05:46:33 -0700
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=sO4MTQdx4dwzuULgnE1WlvllcWFxqG3jfCzQnZZckcjob2b2A/Dr6v+QGDdYINfstx 9RsDDlIH+tqN4LpNfLvg3/wHNf9fD+Vr+s8F/CbIrMl/XQ7S+Xm/dvieTTp5W/je/7cf rrxTIe8TT+MtzlL3x1BL75k2MobT9hH97fld4=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>



On Wed, Jul 9, 2008 at 8:38 AM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
Cihula, Joseph writes ("RE: [Xen-devel] Enabling domU to create other domUs"):
> If you're up for doing some work, I'd recommend that approach as it will
> not only solve your problem but also bring the community a step closer
> to a de-privileged dom0.

I agree with this (although the original enquirer may find that this
is not necessarily the most expedient path to solving their problem).

Thanks all for the suggestions. I am envisioning a system where each domain has the capability to create/destroy any domain and perform any task. In effect, all domains should have the power of the current-day dom0. The XSM policy should control which domain can do what. Isn't this the most general approach?

If the capability of domain creation is separated into a domB, still only domB will be capable of creating a domain.
(Of course, if all domains have full power, then the size of the TCB will depend on the properties of the policy).


I would not recommend using the Xen Security Modules arrangements.
There are quite a few bugs in this code, including some very serious
security bugs (which sadly we aren't allowed to give more information
about as the reports were embargoed).

Unfortunately turning on the XSM support is likely to result in a
substantially less secure system.

I agree that XSM today may be insufficient, but I am not going to use it in a production system, and hopefully it will mature in the future.

Hayawardh

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.