|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Questions about PVH in Xen 4.3 unstable
Jan Beulich, le Wed 30 Jan 2013 11:29:00 +0000, a écrit : > >>> On 30.01.13 at 12:04, George Dunlap <George.Dunlap@xxxxxxxxxxxxx> wrote: > > On Wed, Jan 30, 2013 at 10:52 AM, tech mailinglists < > > mailinglists.tech@xxxxxxxxx> wrote: > > > >> I thought that stubdoms for HVMs are great for security. Can it still be > >> used for PV-on-HVM for security? Can only Linux run as PVH and Windows and > >> so on still run as HVM? > >> > > > > Stubdoms increase security by isolating the qemu process, so that it's not > > running in domain 0. PV domains (and by extension PVH domains) don't have > > a qemu process, and are therefore are secure without needing a stubdom. > > That's not generally true - PV domains (including Dom0 itself) can > have a qemu e.g. for providing a block backend drivers for certain > disk types. Right. And unfortunately one can't use a stubdom for that, since that'd only move the disk access problem to the stubdom. Samuel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |