
[Xen-devel] Non-dom0 block backends (was: Re: [PATCH v3 0/5] libxl: call hotplug scripts from libxl)



On 04/23/12 15:47, Marek Marczykowski wrote:
/.../
>>> Also vbd backend in domU is used - eg to boot HVM from iso, which is
>>> stored in some domU.
>>
>> I didn't know you were able to use vbd from driver domains with xl, if so I
>> will have to add a similar option for vbd devices (disable_xl_vbd_scripts).
> When starting domU using xl create, I needed to slightly modify disk config
> syntax in xl_cmdimpl.c to add backend field (still using xen 4.1, backend
> added as the end of disk spec). But everything else worked fine. Especially xl
> block-attach, which allows specifying the backend domain.
> So disable_xl_vbd_scripts option will be helpful.

On a side note: some cool applications of this:

1) We can have a UsbVM, which has assigned all the USB controllers (pci
attach), which greatly minimizes threats from various USB attacks [1] on
the overall system. Now, if one plugs a USB disk, those disks can be
made available to other domains, without the need for Dom0 to plug them
(so no need to parse their, untrusted, partition tables, or other fs
metadata).

2) We can store various installation ISOs, e.g. that cool new "hacker"
Linux distro ISO, and pass it to an HVM domain (for installation)
directly from the VM where we downloaded it (e.g.
"untrusted-internet-browsing-vm") without the need to store it first on
the Dom0 fs.

joanna.

[1]
http://theinvisiblethings.blogspot.com/2011/06/usb-security-challenges.html
