[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [Xen-users] Custom kernel
Hi > I wouldn't care very much about a few unnecessary load. A fat > kernel, give or take a 100k doesn't mean jack. Agreed, although 1M might make a difference... > Maybe I'm totally off the wall here, but my dom0 has direct, > low level access to hardware - namely the NICs and storage > devices (SATA, SCSI, etc.) and the abstraction layers above > that (RAID, LVM, etc). Yes, your domain 0 has low level access to hardware - because it is loaded in a way by the hypervisor, which allows that. But that's a decision of the hypervisor, not of the way the kernel is built. > Just imagine if the guests had access to the LVM layer. If > one of the guests get rooted, they can wipe out the > filesystems of other guests, and the host too. That would be awful, BUT it will neven happen. Even if the running kernel has such functions built in, it will never be allowed by the hypervisor to access these devices... > Your Xen box may be in a different environment than mine. My > box is being used for semi-production environment and is > connected to a public network. Every domain (about 20 in > all), except dom0, is visible from the outside via one port > or another through a firewall that is done by one of the guests. Yes, I am in a different environment. My box is fully in production every domain has 1-2 public ips, is fully reachable over the internet and is running software I cannot even controll by customers of mine. They can even replace the kernel they use on their own. I leave that decition to them. It would be hazardous if that would give them a way to get control... > They all work well. But if I were to use a privileged kernel > for any of these guests, I don't think I'd be able to sleep at night. Me too, but the privileges come from the hypervisor, not from the build-process. Regards, Steffen Attachment:
smime.p7s _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |