Port-xen archive


Re: some questions



On Thu, Jan 05, 2006 at 12:18:59PM -0500, Thor Lancelot Simon wrote:
> >
> > Yes, that's what it's for. You'll have to build custom kernels with
> > PCI support for the domUs.
> 
> It's very important to understand that if you allow any "unprivileged"
> domain to access a device that does DMA, the domain is no longer
> unprivileged in any meaningful way.

The situation is not that bad: the dom0 controls which kernel is loaded
in the domU, and also controls the console. If you can start the kernel
at securelevel 1 and prevent it from going back to 0 when downgrading
to single-user, it should be safe (but I'm not sure a NetBSD system can boot
properly if the kernel starts at securelevel 1).

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 years of experience will always make the difference
--


