Hi guys, Im making somes researchs about security in Virtual Machines, and does anybody knows, if exists a exploit or a rootkit for Xen? I would like to test it (if exist). Thanks, Artur Baruchi _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> -----Original Message----- > From: xen-users-bounces@lists.xensource.com > [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of > Artur Baruchi > Sent: 13 March 2007 14:43 > To: Xen-users@lists.xensource.com > Subject: [Xen-users] Exploiting XEN > > Hi guys, > > Im making somes researchs about security in Virtual Machines, and does > anybody knows, if exists a exploit or a rootkit for Xen? I would like > to test it (if exist).Please take this the right way... If we assume one does exist, would you send it to me, if I asked you? [particularly if my e-mail address was of an "anonymous" origin like gmail?] - how do I know that the purpose you are asking for is the purpose you are REALLY asking for, rather than for example that you know someone''s machine is Xen-based and you want to break into it. This is a non-moderated mailing-list, anyone with an e-mail account anywhere in the world (more or less) can sign up. I personally am not aware of any "rootkit" that relates to Xen. The Xen hypervisor is fairly small, and thus relatively easy to understand and control against vulnerabilities. Since it''s living "outside" the host-OS that it controls, it''s potentially less vulnerable than those hypervisors that live within the host-OS. -- Mats> > Thanks, > > Artur Baruchi > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users > > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Tue, Mar 13, 2007 at 04:30:53PM +0100, Petersson, Mats wrote:> > -----Original Message----- > > From: xen-users-bounces@lists.xensource.com > > [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of > > Artur Baruchi > > Sent: 13 March 2007 14:43 > > To: Xen-users@lists.xensource.com > > Subject: [Xen-users] Exploiting XEN > > > > Hi guys, > > > > Im making somes researchs about security in Virtual Machines, and does > > anybody knows, if exists a exploit or a rootkit for Xen? I would like > > to test it (if exist). > > Please take this the right way... If we assume one does exist, would you > send it to me, if I asked you? [particularly if my e-mail address was of > an "anonymous" origin like gmail?] - how do I know that the purpose you > are asking for is the purpose you are REALLY asking for, rather than for > example that you know someone''s machine is Xen-based and you want to > break into it. This is a non-moderated mailing-list, anyone with an > e-mail account anywhere in the world (more or less) can sign up. > > I personally am not aware of any "rootkit" that relates to Xen.And more to the point, if any of the Xen developers did know of a "rootkit" you can be damn sure they''d be fixing whatever flaw made it possible, rather than passing it around for people to try out.> The Xen hypervisor is fairly small, and thus relatively easy to > understand and control against vulnerabilities. Since it''s living > "outside" the host-OS that it controls, it''s potentially less vulnerable > than those hypervisors that live within the host-OS.Nice in theory, but in practice you have to include Dom0 as (at this time) it has effectively unrestricted access to the hardware and is neccessarily trusted by every DomU that cards about disk or network I/O. While in theory Xen may allow a tighter security model, in the real-world deployments of Xen there''s no better security from its arch of hypervisor outside the Dom0 OS, vs other virt systems which have the hypervisor as part of the Dom0. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> -----Original Message----- > From: Daniel P. Berrange [mailto:berrange@redhat.com] > Sent: 13 March 2007 15:43 > To: Petersson, Mats > Cc: Artur Baruchi; Xen-users@lists.xensource.com > Subject: Re: [Xen-users] Exploiting XEN > > On Tue, Mar 13, 2007 at 04:30:53PM +0100, Petersson, Mats wrote: > > > -----Original Message----- > > > From: xen-users-bounces@lists.xensource.com > > > [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of > > > Artur Baruchi > > > Sent: 13 March 2007 14:43 > > > To: Xen-users@lists.xensource.com > > > Subject: [Xen-users] Exploiting XEN > > > > > > Hi guys, > > > > > > Im making somes researchs about security in Virtual > Machines, and does > > > anybody knows, if exists a exploit or a rootkit for Xen? > I would like > > > to test it (if exist). > > > > Please take this the right way... If we assume one does > exist, would you > > send it to me, if I asked you? [particularly if my e-mail > address was of > > an "anonymous" origin like gmail?] - how do I know that the > purpose you > > are asking for is the purpose you are REALLY asking for, > rather than for > > example that you know someone''s machine is Xen-based and you want to > > break into it. This is a non-moderated mailing-list, anyone with an > > e-mail account anywhere in the world (more or less) can sign up. > > > > I personally am not aware of any "rootkit" that relates to Xen. > > And more to the point, if any of the Xen developers did know > of a "rootkit" > you can be damn sure they''d be fixing whatever flaw made it > possible, rather > than passing it around for people to try out.Agree completely. [Although I guess some people on the Xen User''s list may not be developers, I believe anyone here would rather forward such a "rootkit" to the developers so that they can fix the underlaying flaw, rather than passing it around to try out amongst "friends"].> > > The Xen hypervisor is fairly small, and thus relatively easy to > > understand and control against vulnerabilities. Since it''s living > > "outside" the host-OS that it controls, it''s potentially > less vulnerable > > than those hypervisors that live within the host-OS. > > Nice in theory, but in practice you have to include Dom0 as (at this > time) it has effectively unrestricted access to the hardware and is > neccessarily trusted by every DomU that cards about disk or network > I/O. While in theory Xen may allow a tighter security model, in the > real-world deployments of Xen there''s no better security from its > arch of hypervisor outside the Dom0 OS, vs other virt systems which > have the hypervisor as part of the Dom0.I guess that''s a fair comment too. Dom0 is a large part of a Xen environment, and if Dom0 is compromised, then Xen can''t really do that much to prevent the system from being crashed, subverted or other malicious acts. But I believe Xen itself is "safe" from Dom0 being compromised - but it''s moot point, as Xen on it''s own is about as useful as a chocalte teapot. But Xen isn''t really the "culprit" in this scenario - it''s the same scenario for Linux (or whatever other OS we care to choose) without a hypervisor. -- Mats> > Dan. > -- > |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 > 978 392 2496 -=| > |=- Perl modules: http://search.cpan.org/~danberr/ > -=| > |=- Projects: http://freshmeat.net/~danielpb/ > -=| > |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF > F742 7D3B 9505 -=| > > >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Tue, 2007-03-13 at 11:42 -0300, Artur Baruchi wrote:> Hi guys, > > Im making somes researchs about security in Virtual Machines, and does > anybody knows, if exists a exploit or a rootkit for Xen? I would like > to test it (if exist). > > Thanks, > > Artur BaruchiTo my knowledge, no "special" hacks exist to allow underprivileged domains the ability to trick the hypervisor into doing undesirable things. Depending on the diligence of whoever setup Xen, you may be able to do or find interesting things around the network, but this isn''t Xen''s fault. Likewise, Xen can''t stop ill experienced people from running an 3 year old copy of phpbb on dom-0 itself. I have seen some pretty wasted dom-0''s, but this is due to hackers finding weaknesses in php scripts made to manage Xen using weak setuid wrappers to talk to xm, lvm and iptables. They got in through PHP, not Xen. I have yet to see xen perk its way into the discovery scripts hackers upload once they find a way to get code somewhere they can write. Nobody seems to be looking for xen, parts of xen or much less something that indicates the version of Xen is exploitable. If there was anything of interest, I''m sure hackers would be probing for it. I don''t look at *every* little thing I find in /tmp on every shared hosting server I manage, but I try to at least peek at most of it. The ''garbage'' that 80K + hosted domains leaves laying around gives you a pretty acute birds eye view of the threats you need to be dealing with. I agree with Mats, asking the way you did does kind of raise a few hairs. Many IAAS (Infrastructure As A Service) providers base some or all of their offerings around Xen''s security. So do some governments. Its not like you just said "Oh, HI! JACK!" in an airport, but you came close. I''m not going to say its wrong to ask if such a thing exist, but clearly state your intentions for seeking it and don''t use an anonymous e-mail address when making such inquiries. Best, --Tim _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> > > The Xen hypervisor is fairly small, and thus relatively easy to > > > understand and control against vulnerabilities. Since it''s living > > > "outside" the host-OS that it controls, it''s potentially > > > > less vulnerable > > > > > than those hypervisors that live within the host-OS. > > > > Nice in theory, but in practice you have to include Dom0 as (at this > > time) it has effectively unrestricted access to the hardware and is > > neccessarily trusted by every DomU that cards about disk or network > > I/O. While in theory Xen may allow a tighter security model, in the > > real-world deployments of Xen there''s no better security from its > > arch of hypervisor outside the Dom0 OS, vs other virt systems which > > have the hypervisor as part of the Dom0. > > I guess that''s a fair comment too. Dom0 is a large part of a Xen > environment, and if Dom0 is compromised, then Xen can''t really do that > much to prevent the system from being crashed, subverted or other > malicious acts. But I believe Xen itself is "safe" from Dom0 being > compromised - but it''s moot point, as Xen on it''s own is about as useful > as a chocalte teapot.We don''t make any real effort to protect the system from a naughty dom0 at this point - there''s no point whilst it''s permitted to DMA over any memory it wants. With domain 0 disaggregation and IOMMU hardware we should be able to harden the system significantly with respect to what harm dom0 and driver domains can do. For a random related reference, [http://www.cs.rochester.edu/meetings/sosp2003/papers/p134-lie.pdf] describes an implementation of an untrusted operating system: the researchers goal was (with hardware support) to produce an OS that was as limited as possible WRT interfering with applications in certain ways whilst still providing essential OS services. It''s an interesting read. Cheers, Mark> But Xen isn''t really the "culprit" in this scenario - it''s the same > scenario for Linux (or whatever other OS we care to choose) without a > hypervisor. > > -- > Mats > > > Dan. > > -- > > > > |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 > > > > 978 392 2496 -=| > > > > |=- Perl modules: http://search.cpan.org/~danberr/ > > > > -=| > > > > |=- Projects: http://freshmeat.net/~danielpb/ > > > > -=| > > > > |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF > > > > F742 7D3B 9505 -=| > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users-- Dave: Just a question. What use is a unicyle with no seat? And no pedals! Mark: To answer a question with a question: What use is a skateboard? Dave: Skateboards have wheels. Mark: My wheel has a wheel! _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Petersson, Mats wrote:> I guess that''s a fair comment too. Dom0 is a large part of a Xen > environment, and if Dom0 is compromised, then Xen can''t really do that > much to prevent the system from being crashed, subverted or other > malicious acts. But I believe Xen itself is "safe" from Dom0 being > compromisedIt''s not. Dom0 (or any IO domain) has direct access to DMA controllers. It can use DMA to overwrite the hypervisor''s memory with arbitrary data. It would be rather trivial for dom0 to escalate itself to ring 0 by simply locating the IDT, writing a new IDT to disk, and then doing a DMA read operation with the physical address of the IDT''s. Regards, Anthony Liguori - but it''s moot point, as Xen on it''s own is about as useful> as a chocalte teapot. > > But Xen isn''t really the "culprit" in this scenario - it''s the same > scenario for Linux (or whatever other OS we care to choose) without a > hypervisor. > > -- > Mats >> Dan. >> -- >> |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 >> 978 392 2496 -=| >> |=- Perl modules: http://search.cpan.org/~danberr/ >> -=| >> |=- Projects: http://freshmeat.net/~danielpb/ >> -=| >> |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF >> F742 7D3B 9505 -=| >> >> >>_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> > I guess that''s a fair comment too. Dom0 is a large part of a Xen > > environment, and if Dom0 is compromised, then Xen can''t really dothat> > much to prevent the system from being crashed, subverted or other > > malicious acts. But I believe Xen itself is "safe" from Dom0 being > > compromised > > It''s not. Dom0 (or any IO domain) has direct access to DMAcontrollers.> It can use DMA to overwrite the hypervisor''s memory with arbitrarydata. I believe he was saying that dom0 was "safe" from an attempt to compromise originating out of a domU. No domU can be safe from dom0. That should be understood. Joe. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Thu, 2007-03-15 at 12:42 -0700, Kraska, Joe A (US SSA) wrote:> > > I guess that''s a fair comment too. Dom0 is a large part of a Xen > > > environment, and if Dom0 is compromised, then Xen can''t really do > that > > > much to prevent the system from being crashed, subverted or other > > > malicious acts. But I believe Xen itself is "safe" from Dom0 being > > > compromised > > > > It''s not. Dom0 (or any IO domain) has direct access to DMA > controllers. > > It can use DMA to overwrite the hypervisor''s memory with arbitrary > data. > > I believe he was saying that dom0 was "safe" from an attempt to > compromise > originating out of a domU. No domU can be safe from dom0. That should be > understood. > > Joe.A more interesting question is what about underprivileged attempts on dom-0 itself, i.e. non-root users? Realistically if it does happen, it will be because an underprivileged user on dom-0 was able to build code or access something compiled that led to privilege escalation. This is much more likely than a strong root password being compromised. Xen is as secure as its Linux (or whatever the future brings) kernel, and as secure as the software built around that kernel (your distro). No less, and somewhat more because of its ability to contain things in driver domains. In the end it all comes down to how well it was installed, Kernel Linux and Xen combined. Xen has to be able to rely on the OS and strength of the kernel it patched just like everything else :) Best, --Tim _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> A more interesting question is what about underprivileged attempts on > dom-0 itself, i.e. non-root users?*shrug* I assume that local access implies probable total access. Facet count exposures and all that. For myself, I would never let an untrusted user onto dom0. EVER. Same with my ESX installations. Joe. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Thu, 2007-03-15 at 15:37 -0700, Kraska, Joe A (US SSA) wrote:> > A more interesting question is what about underprivileged attempts on > > dom-0 itself, i.e. non-root users? > > *shrug* > > I assume that local access implies probable total access. Facet count > exposures and all that. For myself, I would never let an untrusted user > onto dom0. EVER. Same with my ESX installations.Not without *serious* consideration and planning. Being able to offer parts of xen safely to system users would be really cool, and is possible to do if a great many what-if''s are addressed. There would obviously need to be a much higher level of trust in those users and their practices than in users operating as root on guests. For installations on private research grids or clusters where disposable infrastructure works, it remains a keen idea and goal. I''d really love to make Xen more just like a part of Linux up to the privileged level, just to a degree. Opens up interesting doors. Anyway, Going off topic now :) Best, --Tim _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Am 2007-03-15 15:37:35, schrieb Kraska, Joe A (US SSA):> > A more interesting question is what about underprivileged attempts on > > dom-0 itself, i.e. non-root users? > > *shrug* > > I assume that local access implies probable total access. Facet count > exposures and all that. For myself, I would never let an untrusted user > onto dom0. EVER. Same with my ESX installations.This is exactly what I am concrned about... Info: I run a Development Workstation which was running at least 5 installations of GNU/Linux: sda Master system (which one was booted) sdd Chroot Debian/Sid sde Chroot Debian/Etch sdf Chroot Debian/Sarge sdg Chroot Debian/Woody I was running 4 X server at once and the Master-System was only accessible for Root/Administrator. Now I have installed Xenm where sda is Dom0 and the others the DomU. Which mean I run fully in Dom0 and get the X server from DomU since I can not run the X window-system directly in the DomU and I have done it with the Chroots. Any suggestions? Note: If I run the Develpoment Workstation alone it is no problem, but sometimes I have other peoples working on it which I only partialy trust. Greetings Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ ##################### Debian GNU/Linux Consultant ##################### Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com) _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> -----Original Message----- > From: xen-users-bounces@lists.xensource.com > [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of > Michelle Konzack > Sent: 27 March 2007 15:57 > To: xen-users@lists.xensource.com > Subject: [Xen-users] Re: Re: Exploiting XEN > > Am 2007-03-15 15:37:35, schrieb Kraska, Joe A (US SSA): > > > A more interesting question is what about underprivileged > attempts on > > > dom-0 itself, i.e. non-root users? > > > > *shrug* > > > > I assume that local access implies probable total access. > Facet count > > exposures and all that. For myself, I would never let an > untrusted user > > onto dom0. EVER. Same with my ESX installations. > > This is exactly what I am concrned about... > > Info: I run a Development Workstation which was running at least 5 > installations of GNU/Linux: > > sda Master system (which one was booted) > sdd Chroot Debian/Sid > sde Chroot Debian/Etch > sdf Chroot Debian/Sarge > sdg Chroot Debian/Woody > > I was running 4 X server at once and the Master-System was only > accessible for Root/Administrator. > > Now I have installed Xenm where sda is Dom0 and the others the DomU. > Which mean I run fully in Dom0 and get the X server from DomU since > I can not run the X window-system directly in the DomU and I have > done it with the Chroots. > > Any suggestions?If you''re allowing others to "touch" your console, they can do anything anyways [like boot from a CDROM and change the root password, for one thing]. If you want others to use your guest-systems, then you can allow them to SSH into the guest-system, and use their own console for X-windows (ssh -X works for this - this is how I access my AMD-V machine, as my "development" is my "console system" (I do have a KVM-switch, but it''s much easier to just access the AMD-V machine through the network). I''m sorry if I misunderstood your problem description, and you''re actually asking/suggesting something else here. -- Mats> > Note: If I run the Develpoment Workstation alone it is no > problem, but sometimes I have other peoples working > on it which I only partialy trust. > > Greetings > Michelle Konzack > Systemadministrator > Tamay Dogan Network > Debian GNU/Linux Consultant > > > -- > Linux-User #280138 with the Linux Counter, http://counter.li.org/ > ##################### Debian GNU/Linux Consultant > ##################### > Michelle Konzack Apt. 917 ICQ #328449886 > 50, rue de Soultz MSN LinuxMichi > 0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com) >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Re: security in dom0;> I was running 4 X server at once and the Master-System was only > accessible for Root/Administrator. > > Now I have installed Xenm where sda is Dom0 and the others the DomU. > Which mean I run fully in Dom0 and get the X server from DomU since > I can not run the X window-system directly in the DomU and I have > done it with the Chroots.I don''t follow why you can''t run X windows in domU, I know we do that. Be that as it may, no, I can''t see a safe resolution here. Joe. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
> I''m sorry if I misunderstood your problem description, and you''re > actually asking/suggesting something else here.I admit to being confused also. One runs an X Server so that clients can display to it, not vice versa. Ordinary X clients running on a linux server need no X server to send X protocol traffic to a remote client. Joe. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Am 2007-03-27 08:47:00, schrieb Kraska, Joe A (US SSA):> I don''t follow why you can''t run X windows in domU, I know we do that. > Be that as it may, no, I can''t see a safe resolution here.I had asked last year and someone told me that it is not possibel since Xen/domU do not know WHO should handel the Graphic-Card... I NEED to start 4 xservers in the four domU paralel to test interaction of Software and I want to run those xservers with wdm on :0, :1, :2 and :3. And since I need MORE then one Devel-Workstation of this kind, I can not use VMware since it is TOO expensive. And VWMare goes crazy with Kernels like 2.4.33 and 2.6.21... Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ ##################### Debian GNU/Linux Consultant ##################### Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com) _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Am 2007-03-27 17:20:30, schrieb Petersson, Mats:> If you''re allowing others to "touch" your console, they can do anything > anyways [like boot from a CDROM and change the root password, for one > thing].Ehm, to boot my Devel-Workstation you need definitivly ROOT rights! To change passwords you need root access too AND KEY access to my PostgreSQL server.> If you want others to use your guest-systems, then you can allow them to > SSH into the guest-system, and use their own console for X-windows (ssh??? - There is ONLY ONE computer! -- My Devel-Workstation.> -X works for this - this is how I access my AMD-V machine, as my > "development" is my "console system" (I do have a KVM-switch, but it''s > much easier to just access the AMD-V machine through the network).This works only if you have at least TWO computers!> I''m sorry if I misunderstood your problem description, and you''re > actually asking/suggesting something else here.OK! - Again: My Devel-Workstation has sda dom0 Master System which boot up sdb domU Running Debian GNU/Linux Unstable (Sid) sdc domU Running Debian GNU/Linux Testing (Etch) sdd domU Running Debian GNU/Linux Stable (Sarge) sde domU Running Debian GNU/Linux OldStable (Woody) sdf domU Running RedHat sdg domU Running SuSE/Novel the later two are only started at manual request... My current Devel-Workstation starts serial 4 xservers in chroots for the four Debian releases. In a previously message (last year) there was someone which told me, I can not run several "Virtual Workstations in the domU since they do not know WHO should handel the Graphic-Card. Idealy I want to start (like in the four chroots) 4 xservers on :0, :1, :2 and :3. Since I can boot ALL 6 installations directly from my LILO menu they are fully working installations. I have manged to start the Xen System using LILO and kexec... OK it works but the X-Server do not coming up. Since I have only one computer, I have setup dom0 to handel this stuff... ...and start per /etc/inittab and ssh four (root) xsessions which should start on :0, :1, :2 and :3 four xserver with WDM. But it does not work... Please NOTE: I need to run ALL FOUR releases in parallel for testing of programs which need direct interaction. Question: HOW must I change the following /etc/inittab that four xservers with WDM are starting up: ----8<------------------------------------------------------------------ # Chroots for Unstable (Sid) 1:2:respawn:/sbin/rungetty tty1 -u root -g root -- chroot /Chroot-999-sid /sbin/getty -f /etc/issue.linuxlogo.banner 38400 tty1 2:2:respawn:/sbin/rungetty tty2 -u root -g root -- chroot /Chroot-999-sid /sbin/getty -f /etc/issue.linuxlogo.banner 38400 tty2 3:2:respawn:/sbin/rungetty tty3 -u root -g root -- chroot /Chroot-999-sid /sbin/getty -f /etc/issue.linuxlogo.banner 38400 tty3 4:2:respawn:/sbin/rungetty tty4 -u root -g root -- chroot /Chroot-999-sid /sbin/getty -f /etc/issue.linuxlogo.banner 38400 tty4 # Chroots for testing (Etch) 5:2:respawn:/sbin/rungetty tty5 -u root -g root -- chroot /Chroot-4.0-etch /sbin/getty -f /etc/issue.linuxlogo.banner 38400 tty5 <snip> # MasterSystem 21:2345:respawn:/sbin/getty -f /etc/issue.linuxlogo.banner 38400 tty21 22:2345:respawn:/sbin/getty -f /etc/issue.linuxlogo.banner 38400 tty22 23:2345:respawn:/sbin/getty -f /etc/issue.linuxlogo.banner 38400 tty23 24:2345:respawn:/sbin/getty -f /etc/issue.linuxlogo.banner 38400 tty24 ----8<------------------------------------------------------------------ I assume, that I must change the "chroot <directory> " to something like Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ ##################### Debian GNU/Linux Consultant ##################### Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSN LinuxMichi 0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com) _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On 4 Apr 2007, linux4michelle@freenet.de said:> Am 2007-03-27 08:47:00, schrieb Kraska, Joe A (US SSA): >> I don''t follow why you can''t run X windows in domU, I know we do >> that. Be that as it may, no, I can''t see a safe resolution here. > > I had asked last year and someone told me that it is not possibel > since Xen/domU do not know WHO should handel the Graphic-Card...Whether or not you have a graphics card isn''t really related to whether or not you can run an X server. The X server''s job is to provide a display for X clients -- that display does not have to be realized in hardware. You could run Xvfb; There are even X clients that will re-export the display via VNC or RDP.> I NEED to start 4 xservers in the four domU paralel to test > interaction of Software and I want to run those xservers with wdm on > :0, :1, :2 and 3.If you are starting an X server in each domU, then they are each a display :0.> And since I need MORE then one Devel-Workstation of this kind, I can > not use VMware since it is TOO expensive. And VWMare goes crazy > with Kernels like 2.4.33 and 2.6.21...I don''t want to dissuade you from using Xen, but VMWare server is free.> Thanks, Greetings and nice Day > Michelle Konzack > Systemadministrator > Tamay Dogan Network > Debian GNU/Linux Consultant-- Stephen _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users