
Fwd: [Xen-devel] Enabling domU to create other domUs


  • To: xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: "Hayawardh V" <hayawardh@xxxxxxxxx>
  • Date: Thu, 4 Sep 2008 11:16:58 -0400
  • Delivery-date: Thu, 04 Sep 2008 08:17:25 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

I see that the Xen roadmap has the following:

More interestingly, it would be useful to be able to delegate
privilege such as to be able to grant a domain permission to perform a
certain privileged operation on some specified other domain or group
of domains. This leads naturally to a hierarchical model of
domain resource allocation and permission, for example allowing a
domain with only a very restricted privilege capability to create a
new domain by carving it out of its own resource allocation. It would
then have full control over this domain, allowing it to destroy it,
pause it, map its pages, attach a debugger etc.

From Xen's low-level `datapath' point of view we want to flatten this
hierarchy to keep the privilege check operations as simple as
possible, with only the control operations having to worry about the
extra complexity. Citing the example in the previous paragraph of
having one domain build another, this should be quite achievable as
some care is already taken to have the domain builder use standard
unprivileged interfaces.
http://lists.xensource.com/archives/html/xen-devel/2006-07/msg00374.html

I am wondering if there is any real use for a hierarchy in the real world? Has there been any discussion on this before?

Thanks,
Hayawardh
