On Tue, Jan 17, 2006 at 11:28:58AM -0600, Adam Heath wrote:
> On Tue, 17 Jan 2006, Kurt Garloff wrote:
> > In a paranoid scenario, you would not load any data from the domU
> > filesystem in any way :-) But I can see why you would choose
> > pygrub over domUloader in a sensitive environment, where you
> > can't trust the domU admins. Point taken.
> > I still think that in many use scenarios, you would be perfectly
> > fine with domUloader.
> Have a special kernel that is used just for this, then boot a temporary domU,
> using this special kernel, read the data you need from the filesystem, then
> shut it down.
Good solution but quite complex ...
I wonder whether it would be easier porting grub to xen.
For now something simple that just works and is secure enough for 90+%
of the users does not look so bad to me.
Kurt Garloff, Head Architect, Director SUSE Labs (act.), Novell Inc.
Description: PGP signature
Xen-devel mailing list