[Fedora-xen] Is pci-passthrough enabled for F9 DomU?

snowcrash+xen@gmail.com schneecrash+xen at gmail.com
Wed May 14 15:23:32 UTC 2008


hi,

>  You're aware that PCI passthrough is insecure?  Someone who gets root
>  access to a guest can reprogram the NICs (trivially) to read or write
>  any area of memory in any guest or the dom0.  This might be pertinent
>  information if you were expecting your firewall to provide isolation.

nope. 1st i'm hearing of it ... not that i haven't looked :-/ sigh.

hrm.

so, although this is "just" a RH/Fedora forum, but xen focussed, let
me then ask ...

i *want* a distro with

-- X86_64/SMP (AMD multicore) support
-- Xen 3.2.x builds & runs both in Dom0 & DomU
-- capable of deploying a FW in DomU that does not suffer
NIC-performance degradation -- or (apparently) security holes
-- stable core that'll keep us 'supported' (e.g., *not* the Fedora
scenario i'm now facing; feature-incomplete until, perhaps, F10+, @
which point F8 -- which we're "stuck" on is unsupported)
-- app repos (rpm, srpm, other ...) that are safe/available/reliable
for full releases (one example, Bind 9.4.2, which seems to be tough to
find for RHEL/CentOS 5.1)

*can* i (yet) "have it all"?  iiuc, "no" ....
