[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] libxc: don't fail domain creation when unpacking initrd fails

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Mon, 16 Oct 2017 18:01:05 +0100
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
Delivery-date: Mon, 16 Oct 2017 17:03:27 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Andrew Cooper writes ("Re: [Xen-devel] [PATCH] libxc: don't fail domain 
creation when unpacking initrd fails"):
> IMO, the toolstack should not be making assumptions about the initrd,
> and shouldn't be touching it.  It is the users responsibility to provide
> an initrd which its kernel can read.
> 
> Furthermore, leaving the decompression to the kernel reduces the dom0
> attack surface.

If we expect that only very old or very odd kernels can't do the
decompression themselves, then perhaps we could have an option to
enable initrd decompression and have it off by default.

Your point about the attack surface is well-made.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH] libxc: don't fail domain creation when unpacking initrd fails
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] libxc: don't fail domain creation when unpacking initrd fails
  - From: Ian Jackson
- Re: [Xen-devel] [PATCH] libxc: don't fail domain creation when unpacking initrd fails
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] libxc: don't fail domain creation when unpacking initrd fails
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH for-4.10] libxl: annotate s to be nonnull in libxl__enum_from_string
Next by Date: Re: [Xen-devel] [PATCH for-next] xen/pv: Construct d0v0's GDT properly
Previous by thread: Re: [Xen-devel] [PATCH] libxc: don't fail domain creation when unpacking initrd fails
Next by thread: Re: [Xen-devel] [PATCH] libxc: don't fail domain creation when unpacking initrd fails
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.