[vbox-dev] VBoxBFE or VirtualBox

Nikolay Igotti nikolay.igotti at oracle.com
Tue May 10 18:54:53 GMT 2011


  In my opinion, it's easier to lock down COM, such as by running as a
dedicated user. With XPCOM, it's even easier, as all XPCOM transport
logic is fully open-sourced (and available in the VBox tree),
so one can perform even more complex logic to ensure protection.
  Generally, doing yet another frontend is feasible, but very time
consuming and gives no clear benefits. To get what it looks like you need,
a somewhat different approach is needed.
Running multiple VMs will have no problems with the kernel driver, no matter
which frontend you use.

   Nikolay

10.05.2011 20:03, Ribhi Kamal wrote:
> Thanks,
> I think that in my case I will have two binaries and each is
> responsible for starting a specific type of virtual machine. Everything
> will be hard coded, the network interfaces, the ISO location, guest
> controllers... etc
>
> I'm worried about starting two virtual machines at the same time, are
> there going to be some conflicts when calling the kernel driver
> (vboxdrv)? I guess my question is, is there some danger from starting
> two VMs using VBoxBFE (without COM)?
>
> Finally, does anyone know if Oracle has something similar to what I'm 
> doing -- No COM/XML?  Money is not a problem (not yet anyway).
>
> Thanks again
>
> On Tue, May 10, 2011 at 9:10 AM, Alexey Eromenko <al4321 at gmail.com> wrote:
>
>     On Tue, May 10, 2011 at 3:34 PM, Ribhi Kamal <rbhkamal at gmail.com> wrote:
>     > The problem with COM (XPCOM too?) is that it's very hard to lock down.
>     > Especially when 50%+ of people run everything with admin privs. So I'm
>     > trying to reduce the attack vectors that can be done from the host OS on the
>     > VirtualBox installation itself.
>     >
>     > Can you please explain a bit about the "VM synchronization point" issue?
>
>     "VM synchronization point" is a single host management layer.
>
>     The biggest difference between Qemu and VirtualBox engines, from
>     a programmer's point of view, is that if you write any program for Qemu,
>     you must reimplement the management layer yourself.
>
>     VirtualBox already provides a single-host management layer (via
>     VBoxSVC). Registered VMs. Each VM remembers its parameters, such as
>     RAM, HDDs assigned, Network adapters (along with MAC addresses),
>     etc...
>
>     --
>     -Alexey Eromenko "Technologov"
>
>     _______________________________________________
>     vbox-dev mailing list
>     vbox-dev at virtualbox.org
>     http://vbox.innotek.de/mailman/listinfo/vbox-dev
>
>
>
>
> -- 
> -- Ribhi
>
