[Fedora-xen] Is pci-pasthrough enabled for F9 DomU?
Richard W.M. Jones
rjones at redhat.com
Wed May 14 13:54:00 UTC 2008
On Tue, May 13, 2008 at 04:55:04PM -0700, snowcrash+xen at gmail.com wrote:
> ouch! a large %age of the boxes we deploy have a firewall/DomU & and
> a NAS/Domu, each with dedicated, pass'd-thru NICs. without passthru,
> performance is lousy.
You're aware that PCI passthrough is insecure? Someone who gets root
access to a guest can reprogram the NICs (trivially) to read or write
any area of memory in any guest or the dom0. This might be pertinent
information if you were expecting your firewall to provide isolation.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
More information about the Fedora-xen
mailing list