From: Joanna Rutkowska <joanna@invisiblethingslab.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: Setting IP address for stubdom?
Date: Wed, 08 Feb 2012 18:35:10 +0100
Message-ID: <4F32B24E.6040801@invisiblethingslab.com>
In-Reply-To: <1328718954.6133.64.camel@zakaz.uk.xensource.com>


On 02/08/12 17:35, Ian Campbell wrote:
> On Tue, 2012-02-07 at 19:28 +0000, Joanna Rutkowska wrote:
>> Is there a convenient way to set up the IP address for the _stubdom_ (to
>> connect to the vnc server running there) from within the corresponding
>> HVM config file on Xen 4.1? Or should one use dhcpd?
> 
> Currently the model with stubdomains is that the stub domain runs a PVFB
> device against a backend in dom0 (actually, another qemu) which does the
> vnc export etc so there is no networking to the stub dom.
> 
> I can see valid reasons why you would want to have the stubdom itself do
> the vnc export and therefore have a network of its own but I don't think
> the toolstack can express that right now. I think it was done in the
> early days of stubdoms, but I suspect in some hacky way (or perhaps just
> DHCP), and I don't know if that functionality has persisted to the
> present day.
> 

Actually I just wanted to access VNC in the stubdom for some testing --
in the long term I don't think this is a desirable option, because: 1)
using VNC adds lots of overhead -- e.g. it's unable to do zero-copy
framebuffer virtualization in contrast to e.g. our Qubes GUI daemon, and
2) in order to keep it on a reasonably secure level, one would need to
have one more domain (a "vncviewer" domain) which would be connected to
the stubdom's vncserver (note that in Qubes we don't have networking in
Dom0 -- and we don't want to have it).

The pvfb solution will work just fine for my testing purposes for now
(but only for testing, as any solution that requires me to run qemu in
Dom0 is not satisfactory from the security point of view IMHO).

So, many thanks for pointing this out -- I was so convinced that a
stubdom runs its own vncserver, that I missed all those qemu processes
in my Dom0 ;)

Thanks!
joanna.

