
Re: [Xen-users] are Xen 3.1.0 kernels CVE-2007-4573 vulnerable



Steven Timm wrote:
> And I am trying to figure out what other
> people like myself are doing--namely those who need to keep
> Xen 3.1.0 plus some kind of redhat working together and security-patched.
> Is there anyone on this list who has such a setup working at the moment?
>

>
> I'm learning a lot from this discussion and appreciate everyone's
> help, but hopefully someone can point me to a solution of the form
> "here is what I did and it works" rather than "maybe this will work."
>

>>
>>> I understand that a xen 3.0.3-compiled kernel could be a domU in this
>>> setup but not a dom0.  Is this understanding wrong?
>>
>> It definitely couldn't be a dom0.
>>

I'm using xen.gz and xen userland from Xen-3.1 (compiled from a modified
RHEL's xen .src.rpm), together with RHEL5's kernel-xen (3.0.3) for dom0,
with Solaris and WinXP HVM domU, and it works. This way I have to
maintain xen rpm manually (including fixing it for CVE-2007-4993, for
example), but at least I can use RH's kernel rpm.

I chose this approach because:
- I want to use something with a long support lifetime for both dom0 and
domU, so Fedora is not an option.
- I have little need for Xen 3.1. Most of my servers can run happily on
RHEL5/Xen 3.0.3, so manually updating a small number of servers is
acceptable.

If you want vendor-maintained xen and kernel, you could use Fedora 7 (or
whatever distro that ships with Xen 3.1) for dom0, and have RHEL5 for
domU. Of course, given the limited lifetime of Fedora, you should also
prepare to upgrade your dom0 with the next Fedora/RHEL when it's released.

Regards,

Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

