Difference between revisions of "NDPF vmware tips"

From PDP/Grid Wiki
Jump to navigationJump to search
m
 
m
Line 12: Line 12:
 
In general, you should use the virtual machine settings editor/Configuration Editor to remove any unneeded or unused hardware devices. However, you may want to use the device again, so removing it is not a good solution. In this case, you can prevent a user or running process in the virtual machine from connecting or disconnecting a device from within the guest operating system by adding the following option to the virtual machine's configuration file (.vmx):
 
In general, you should use the virtual machine settings editor/Configuration Editor to remove any unneeded or unused hardware devices. However, you may want to use the device again, so removing it is not a good solution. In this case, you can prevent a user or running process in the virtual machine from connecting or disconnecting a device from within the guest operating system by adding the following option to the virtual machine's configuration file (.vmx):
  
   <device name>.allowGuestConnectionControl = FALSE
+
   <device name>.allowGuestConnectionControl = "FALSE"
  
You must specify a device name for <device name> (for example, ethernet0).
+
You must specify a device name for <device name> (for example, ethernet0):
 +
 
 +
  Ethernet0.allowGuestConnectionControl = "FALSE"
 +
  floppy0.allowGuestConnectionControl = "FALSE"

Revision as of 17:15, 12 April 2007

Assorted tricks and tips for the generation of vmware images

Managing Removable Devices for Virtual Machines

(from http://kb.vmware.com/selfservice/viewContent.do?externalId=1042#devices)

Normal (non-root or non-administrator) users and processes within virtual machines have the capability to connect or disconnect devices, such as network adapters and CD-ROM drives.

For example, by default, a rogue user within a virtual machine can:

  • Connect a disconnected CD-ROM drive and access sensitive information on the media left in the drive.
  • Disconnect a network adapter to isolate the virtual machine from its network, which is a denial of service.

In general, you should use the virtual machine settings editor/Configuration Editor to remove any unneeded or unused hardware devices. However, you may want to use the device again, so removing it is not a good solution. In this case, you can prevent a user or running process in the virtual machine from connecting or disconnecting a device from within the guest operating system by adding the following option to the virtual machine's configuration file (.vmx):

 <device name>.allowGuestConnectionControl = "FALSE"

You must specify a device name for <device name> (for example, ethernet0):

 Ethernet0.allowGuestConnectionControl = "FALSE"
 floppy0.allowGuestConnectionControl = "FALSE"