|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] Re: Users can provide their own kernels?
> This is very disconcerting to someone who was looking at renting out > domU space on a Xen machine. > > Will there be options to prevent a domU that booted a dom0 kernel from > accessing xend? I'd hate for an abusive user to balloon all the other > domUs to 16MB RAM and balloon themselves to 1GB RAM, play with > scheduling parameters, or randomly kill off other domUs. In Xen, the guest kernel has no part in enforcing interdomain security - Xen does that. Simply by running a kernel in a domU, it is unprivileged. Kernels running in a domU never have any special privileges unless you explicitly grant them from dom0. This is unlike UML / vservers, where a compromise of the VM's kernel can allow a user to "escape". The only reason we provide a separate xenU kernel is because it's a bit smaller than the xen0 kernel. The guest bootloader takes advantage of this support to allow users to compile their own guest kernels and select them themselves. So it's safe, don't worry ;-) Cheers, Mark _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |