[Fedora-xen] Xen, Security and Selinux: An analysis

K T Ligesh ligesh at lxlabs.com
Fri Feb 9 10:37:26 UTC 2007


 There was discussion recently about the need for security on xen dom0, and quite frankly I am a bit confused. For me, the entire idea of virtualization is to enhance the security, as in, on our main website, we have a single virtual machine (on openvz) running inside the host, which has all the services. The host has absolutely no services other than ssh. Even the ssh can be turned off, so that the only access is through the serial console, but I found it not really worth it, especially considering how cumbersome and unreliable the provider's serial console access was. The idea is that the dom0 will contain nothing other than xen virtual machines, and every other service is run inside the domUs, which is the right way, considering the really low overheads of virtualization. So whatever service you are planning to run on dom0, create a new domU specifically for it, and run it there.
 
 Xen has the problem that they have a xend service running, which frankly is a very bad design. Even for migration, the better way would be to use more reliable channels like ssh, but other than that, do we actually need selinux on dom0? The only exception to this is if you have the backup of the domUs on the dom0, and you want them to be protected in the case of xend getting compromised.

 Thanks.


 



