Managing Xen configs
nicholas roveda
I'm pretty sure it does, so where are stored the raw Xen settings and how can they be manipulated?
I was trying to access via dom0 to a Template console using `xl console` and I ran into a common problem related to hvm domain, the absence of a console to bind to.
https://www.xenproject.org/questions-and-answers/xl-console-does-not-work-on-hvm-guest.html
So, I've changed the kernelopts to expose a tty, but I don't know how to change the related settings in the Xen prospective.
Can someone post the right procedure for Qubes?
yura...@gmail.com
I'm probably the wrong person for this, however Correct me if I'm wrong, but doesn't Dom0 use XL, and DomU's use QVM?
I believe the logic behind this is to make it easy to switch between hypervisors below Qubes, in the future, and also to be able to switch Dom0 linux system with another, like Debian instead of Fedora, and making as little code in the templates as possible, so that everything can be considered like "blocks" that can be taken out easily, and switched.
So in other words, I don't think much, or anything at all, is written to XL from the DomU domains. It seems only Dom0 would do that? So in a sense, QVM will be the one talking with the DomU's only.
I could be wrong though, but I don't think you can communicate with XL from the templates. Also Xen can run in two modes, either many systems ontop Xen, or a single domain (DomO) ontop Xen. I believe Qubes is doing the latter. Which again points towards that you cannot communicate with Xen from the templates.
This too is the reason why making the high-end graphics work in Qubes is a security flaw, because graphics is run directly with XL-passthrough rather than through QVM. Since the templates can communicate with the Xen layer, it creates openings and cracks for which attackers can zip through. Which is the reason as far as I understand it, as to why Xen is completely isolated from the templates.
But as said, I'm not the right person to answer this.
nicholas roveda
I wrote that I'm trying to connect TO a Template Emergency Dracut shell FROM Dom0, using 'xl console'.
nicholas roveda
nicholas roveda
Marek Marczykowski-Górecki
Hash: SHA256
On Tue, Sep 19, 2017 at 05:27:24PM -0700, nicholas roveda wrote:
> Does Qubes store any Hypervisor settings apart qubes.xml?
> I'm pretty sure it does, so where are stored the raw Xen settings and how can they be manipulated?
to libvirt (you can see it with `virsh -c xen:/// dumpxml`).
> I was trying to access via dom0 to a Template console using `xl console` and I ran into a common problem related to hvm domain, the absence of a console to bind to.
>
> https://www.xenproject.org/questions-and-answers/xl-console-does-not-work-on-hvm-guest.html
>
> So, I've changed the kernelopts to expose a tty, but I don't know how to change the related settings in the Xen prospective.
>
> Can someone post the right procedure for Qubes?
console -t pv`, everything else is already configured. It should also
works for some HVM domains in 3.2.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZxawuAAoJENuP0xzK19csmmwIAIY/jSSgksQ/TCdEMRGct6XK
5m5+HskSnCGIDXTOcxNytRGSaHOcinIl0LV8LXXfFowTGjpPAqHvKJGofEfaLUnv
70Wef36Zwtnd5gjnJS6WG08MyGVpuiIOtSIpiv0Lx723tD+wd52Jc1dK/pgMNG8e
u1YrQ3EqrJjGcabGE5UiOuj8WdmYsEz97b5l1KKh/YKcnrn9AzxTZqJb3JxoU6rc
tWE3Ct7d7vfZ/6Hg614IWmPPIiMtDtkAKrAWkmmS0GAIvDQXnVQ06xu17O0yMoA6
UJ6VgqzxtKChxOTW3UfcnTNpuUjPOCtp1xAAwv+L3do+r1x/Gsc7m1QXIPz9c7U=
=YqJm
-----END PGP SIGNATURE-----
nicholas roveda
And if I wanted to manually change some libvirt configs and play with network interfaces?