This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] [PATCH 0/3] domUloader

To: Adam Heath <doogie@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH 0/3] domUloader
From: Kurt Garloff <garloff@xxxxxxx>
Date: Tue, 17 Jan 2006 22:28:47 +0100
Cc: Xen development list <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 17 Jan 2006 21:36:21 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.58.0601171128090.2273@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Mail-followup-to: Kurt Garloff <garloff@xxxxxxx>, Adam Heath <doogie@xxxxxxxxxxxxx>, Xen development list <xen-devel@xxxxxxxxxxxxxxxxxxx>
Organization: SUSE/Novell
References: <20060116234330.GC17087@xxxxxxxxxxxxxxxxxxxxxx> <43CCDA6E.5040608@xxxxxxxxxx> <20060117143403.GB16322@xxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.58.0601171128090.2273@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.9i
Hi Adam,

On Tue, Jan 17, 2006 at 11:28:58AM -0600, Adam Heath wrote:
> On Tue, 17 Jan 2006, Kurt Garloff wrote:
> >    In a paranoid scenario, you would not load any data from the domU
> >    filesystem in any way :-) But I can see why you would choose
> >    pygrub over domUloader in a sensitive environment, where you
> >    can't trust the domU admins. Point taken.
> >    I still think that in many use scenarios, you would be perfectly
> >    fine with domUloader.
> Have a special kernel that is used just for this, then boot a temporary domU,
> using this special kernel, read the data you need from the filesystem, then
> shut it down.

Good solution but quite complex ...

I wonder whether it would be easier porting grub to xen.

For now something simple that just works and is secure enough for 90+% 
of the users does not look so bad to me.

Kurt Garloff, Head Architect, Director SUSE Labs (act.), Novell Inc.

Attachment: pgpJ9Zl6VJa91.pgp
Description: PGP signature

Xen-devel mailing list