From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jacob Gorm Hansen <jacobg@diku.dk>
Subject: Re: Building domains as a lesser user (was Re: boot loaders
 for domain != 0)
Date: Thu, 03 Feb 2005 19:56:29 -0800
Message-ID: <4202F26D.3060003@diku.dk>
References: <A95E2296287EAD4EB592B5DEEFCE0E9D1236E4@liverpoolst.ad.cl.cam.ac.uk> <4202CB48.2040704@diku.dk> <4202DB0F.1050102@codemonkey.ws> <4202E915.4030100@diku.dk> <4202ED53.70802@codemonkey.ws>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <4202ED53.70802@codemonkey.ws>
Sender: xen-devel-admin@lists.sourceforge.net
Errors-To: xen-devel-admin@lists.sourceforge.net
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.sourceforge.net>
List-Help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: xen-devel@lists.sourceforge.net
List-Id: xen-devel@lists.xenproject.org

Anthony Liguori wrote:
> Jacob Gorm Hansen wrote:
> 
>> Anthony Liguori wrote:
>>
>> If we trust Linux to enforce security, we do not need Xen at all ;-)
>>
> The current architecture of Xen requires that we trust whatever is 
> running in Domain-0.  The problems being cited wouldn't be a problem if 
> you could create domains from unpriviledged Domains because you could 
> have creator Domains who could be created from a trusted source and used 
> as a buffer against attack.

If you start having domains that can create other domains, IPC, shared 
memory between domains, all that, you have essentially turned Xen into a 
microkernel, and you start having all sorts of funny issues like access 
control, domain ownership, QoS crosstalk and whatnot. And in ten years 
from now someone will have to invent a new VMM layer to put below Xen 
only to get another fresh start. I am sure the original UNIX also seemed 
elegant at first, in the days when it didn't have 250+ different syscalls...

Jacob


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl