|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] protection against a domu assigning a uuid to block device
On Wed, Mar 6, 2013 at 12:12 PM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> Sean Greenslade writes ("Re: [Xen-devel] protection against a domu assigning
> a uuid to block device"):
>> Theoretically, if you had your boot disks on normal media and all domU
>> disks on LVM, you could remove LVM scanning from the boot sequence.
>> Thoughts?
>
> You'd have to be sure it didn't come back. Because if it did you
> probably wouldn't notice before you were 0wned.
>
> Ian.
True. I know that in Archlinux, the mkinitcpio conf file lets you pick
and choose which modules and "hooks" get built into the initramfs. If
you don't include the lvm2 hook, lvm volumes won't be scanned on boot.
If you use a service to scan them after the root drives are mounted,
that problem would likely be solved (though if you're being attacked,
having volumes with identical UUIDs may confuse the system in other
ways).
--
--Zootboy
Sent from some sort of computing device.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |