On 18/12/14 16:08, Tim Deegan wrote: >> yep. Just curious, I thought stubdomain is not popularly used. typical >> > case is to have qemu in dom0. is this still true? :-) > Some do and some don't. :) High-security distros like Qubes and > XenClient do. You can enable it in xl config files pretty easily. > IIRC the xapi toolstack doesn't use it, but XenServer uses privilege > separation to isolate the qemu processes in dom0. >
We are looking into stubdomains as part of future architectural roadmap, but as identified, there is a lot of toolstack plumbing required before this be feasible to put into XenServer. Our privilege separate in qemu is a stopgap measure which we would like to replace in due course. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
