In my opinion, it's easier to lock down COM, such as running as a
dedicated user. With XPCOM, it's even easier, as all XPCOM transport
logic is fully open-sourced (and available in the VBox tree),
so one can perform even more complex logic to ensure protection.
Generally, doing yet another frontend is feasible, but very time
consuming and gives no clear benefits. To get what it looks like you need,
a somewhat different approach is needed.
Running multiple VMs will have no problems with the kernel driver, no matter
which frontend you'll use.
Nikolay
10.05.2011 20:03, Ribhi Kamal wrote:
Thanks,
I think that in my case I will have two binaries and each is
responsible for starting a specific type of virtual machine. Everything
will be hard coded, the network interfaces, the ISO location, guest
controllers... etc.
I'm worried about starting two virtual machines at the same time, are
there going to be some conflicts when calling the kernel driver
(vboxdrv)? I guess my question is, is there some danger from starting
two VMs using VBoxBFE (without COM)?
Finally, does anyone know if Oracle has something similar to what I'm
doing -- No COM/XML? Money is not a problem (not yet anyway).
Thanks again
On Tue, May 10, 2011 at 9:10 AM, Alexey Eromenko <[email protected]> wrote:
On Tue, May 10, 2011 at 3:34 PM, Ribhi Kamal <[email protected]> wrote:
> The problem with COM (XPCOM too?) is that it's very hard to lock down.
> Especially when 50%+ of people run everything with admin privs. So I'm
> trying to reduce the attack vectors that can be done from the host OS on the
> VirtualBox installation itself.
>
> Can you please explain a bit about the "VM synchronization point" issue?
"VM synchronization point" is a single host management layer.
The biggest difference between Qemu and VirtualBox engines, from
programmer's point of view, is that if you write any program for Qemu,
you must reimplement management layer yourself.
VirtualBox already provides single-host management layer (via
VBoxSVC). Registered VMs. Each VM remembers its parameters, such as
RAM, HDDs assigned, Network adapters (along with MAC addresses),
etc...
--
-Alexey Eromenko "Technologov"
_______________________________________________
vbox-dev mailing list
[email protected]
http://vbox.innotek.de/mailman/listinfo/vbox-dev
--
-- Ribhi