[Xen-devel] Re: Unofficial Xen 2.0 debian packages kinda broken - Nuutti Kotivuori - com.xensource.lists.xen-devel

19 messages in com.xensource.lists.xen-devel[Xen-devel] Re: Unofficial Xen 2.0 de...

From	Sent On	Attachments
Nuutti Kotivuori	21 Oct 2004 04:25
Brian Wolfe	21 Oct 2004 21:15
Brian Wolfe	21 Oct 2004 21:21
Ian Pratt	22 Oct 2004 01:01
Nuutti Kotivuori	22 Oct 2004 05:35
Brian Wolfe	22 Oct 2004 13:13
Brian Wolfe	23 Oct 2004 06:35
Nuutti Kotivuori	23 Oct 2004 06:49
Brian Wolfe	23 Oct 2004 07:10
Nuutti Kotivuori	23 Oct 2004 07:30
Brian Wolfe	23 Oct 2004 09:10
Nuutti Kotivuori	24 Oct 2004 17:06
Brian Wolfe	24 Oct 2004 17:36
Adam Heath	29 Oct 2004 11:34
Adam Heath	29 Oct 2004 11:57
Nuutti Kotivuori	30 Oct 2004 03:51
Nuutti Kotivuori	30 Oct 2004 03:57
Mark A. Williamson	30 Oct 2004 05:16
Brian Wolfe	30 Oct 2004 08:29

Subject:	[Xen-devel] Re: Unofficial Xen 2.0 debian packages kinda broken
From:	Nuutti Kotivuori (nak...@iki.fi)
Date:	10/30/2004 03:57:08 AM
List:	com.xensource.lists.xen-devel

Adam Heath wrote:

Do you really want to allow your virtualized users to be able to change the kernel?

Yes. In some cases.

There are cases where strict separation is not an issue, where granting priviledges does not really matter.

And even where strict separation is an issue, with Xen there shouldn't be any problem, should there?

I mean, with UML obviously if the kernel is compromised, it can access everything the binary can on the host - and needs to be restricted there somehow. And if compromising the kernel shouldn't be possible, it gives quite a bit of restrictions on the guest side - like no modules allowed and so.

But with Xen, the separation is on a lower layer, and there should be no problem allowing custom built kernels with custom patches or binary modules or whatnot.

But in any case, it is simply a choice there.

-- Naked