From: Ian Campbell <Ian.Campbell@citrix.com>
To: Muhammed Aydin <maydin.work@gmail.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: Xen interfaces / hooks
Date: Wed, 21 Dec 2011 16:54:06 +0000
Message-ID: <1324486446.7877.46.camel@zakaz.uk.xensource.com>
In-Reply-To: <CALF+9DEP5-Tb9NTzzwFF8WiWMmGQ2mTJ7vdp+adde0tYejRgGQ@mail.gmail.com>

On Wed, 2011-12-21 at 16:40 +0000, Muhammed Aydin wrote:
> Hi Ian,
> 
> Thanks for the response.
> 
> > Perhaps if you explain your actual end goal you can be better advised.
> 
> What we are planning to do is to insert some code which can
> automatically utilise some instructions from forensics investigation
> tools (such as command line tools like Sleuthkit), and to do this
> automatically upon starting up and shutdown / suspension of a virtual
> machine running on the Xen hypervisor in order to aid forensic
> investigations. Nothing complicated being added but we need to know
> exactly where we would need to put these commands.
> 
> My understanding is that because this would be performed on the domain
> U guest operating systems this change would need to be at the
> hypervisor level rather than the dom 0. Could you advise on how to go
> about this please? What I have been looking for is anything which
> could help me to do this to Xen, such as a tutorial or a guide, and
> couldn't find anything. 

Without knowing the precise details for "some instructions from
forensics investigation tools" I can't say for sure but this sounds on
the face of it like something which can be done from dom0 by using the
usual privileged operations to examine guest state.

Perhaps the "xenaccess" library (now apparently called LibVMI) will help
you to achieve your goals. I believe this uses the Memory Access API
added in Xen 4.1 although I'm not personally familiar with the
specifics.

There are no hooks for doing anything on domain startup/shutdown/suspend
but the generic functionality of running something on these events seems
like a plausibly useful generic addition to the xl toolstack (see
tools/libxl).

Ian.
