NDPF vmware tips

From PDP/Grid Wiki
Revision as of 14:20, 12 April 2007 by Davidg@nikhef.nl (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Assorted tricks and tips for the generation of vmware images

Managing Removable Devices for Virtual Machines

(from http://kb.vmware.com/selfservice/viewContent.do?externalId=1042#devices)

Normal (non-root or non-administrator) users and processes within virtual machines have the capability to connect or disconnect devices, such as network adapters and CD-ROM drives.

For example, by default, a rogue user within a virtual machine can:

  • Connect a disconnected CD-ROM drive and access sensitive information on the media left in the drive.
  • Disconnect a network adapter to isolate the virtual machine from its network, which is a denial of service.

In general, you should use the virtual machine settings editor/Configuration Editor to remove any unneeded or unused hardware devices. However, you may want to use the device again, so removing it is not a good solution. In this case, you can prevent a user or running process in the virtual machine from connecting or disconnecting a device from within the guest operating system by adding the following option to the virtual machine's configuration file (.vmx):

 <device name>.allowGuestConnectionControl = FALSE

You must specify a device name for <device name> (for example, ethernet0).