|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Enabling domU to create other domUs
Hi Hayawardh, There are (at least) a couple of architectural reasons why xend will not work in a DomU: it assumes that XenStore is running in the same domain, and it assumes that the domain running it is privileged. In a normal Xen system, only Dom0 has the privileged bit set (when it is loaded at boot); it is not possible to create another privileged domain using the regular tools. If you did make your DomU privileged, this would make it privileged over all domains, which requires you to trust each DomU with this privilege. This is probably not acceptable from a security point-of-view. If you had the inclination, you could probably conjure up a Xen Security Module that enforced hierarchical privilege, but you would probably still have to modify the tools. If you simply want to be able to create domains from a DomU, have you considered installing xm in that domain and configuring it to use the instance of xend that runs in Dom0? Regards, Derek Murray. On Mon, Jul 7, 2008 at 6:14 PM, Hayawardh V <hayawardh@xxxxxxxxx> wrote: > Hi, > > What changes would have to be made if I wanted to have a domU create VMs? > I tried installing the xen tools into a domU rootfs image, and then booted > the domU. However, xend refuses to start inside the domU. > > I realise the changes might be extensive, but I just want an idea of what > needs to be done. > > Also, I find that hardcoded checks like > if (current-> domain->domain_id != 0) > return -EPERM > are extremely few in the current hypervisor. > > Regards, > Hayawardh > > _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-devel > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |