Re: [Xen-devel] protection against a domu assigning a uuid to block device



On Wed, Mar 6, 2013 at 12:12 PM, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> wrote:
> Sean Greenslade writes ("Re: [Xen-devel] protection against a domu assigning a uuid to block device"):
>> Theoretically, if you had your boot disks on normal media and all domU
>> disks on LVM, you could remove LVM scanning from the boot sequence.
>> Thoughts?
>
> You'd have to be sure it didn't come back.  Because if it did you
> probably wouldn't notice before you were 0wned.
>
> Ian.

True. I know that in Arch Linux, the mkinitcpio conf file lets you pick
and choose which modules and "hooks" get built into the initramfs. If
you don't include the lvm2 hook, LVM volumes won't be scanned on boot.
If you use a service to scan them after the root drives are mounted,
that problem would likely be solved (though if you're being attacked,
having volumes with identical UUIDs may confuse the system in other
ways).

-- 
--Zootboy

Sent from some sort of computing device.
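
An added example, not part of the original thread: a small check for the concern raised above that LVM scanning might "come back" into the boot sequence unnoticed. It reads a mkinitcpio configuration and fails if the lvm2 hook is active. The function names, the sample configs and the default path `/etc/mkinitcpio.conf` are assumptions of this example, as is accepting both the array form and the quoted-string form of `HOOKS`.

```python
import re
import sys

# Matches HOOKS=(a b c), possibly spanning lines, or the quoted form HOOKS="a b c".
_HOOKS_RE = re.compile(r'^[ \t]*HOOKS=(?:\(([^)]*)\)|"([^"]*)")', re.MULTILINE)

# Constructed sample configs (not taken from any real host).
SAMPLE_OK = """\
# HOOKS=(base udev lvm2 filesystems)   <- commented-out example, must be ignored
HOOKS=(base udev autodetect modconf block
       filesystems keyboard fsck)
"""
SAMPLE_REGRESSED = SAMPLE_OK + 'HOOKS=(base udev block lvm2 filesystems)  # added later\n'
SAMPLE_QUOTED = 'HOOKS="base udev autodetect block lvm2 filesystems"\n'


def active_hooks(conf_text):
    """Return the hook names from the last uncommented HOOKS assignment."""
    # Strip comments first so commented-out examples are never matched.
    body = "\n".join(line.split("#", 1)[0] for line in conf_text.splitlines())
    last = None
    for last in _HOOKS_RE.finditer(body):
        pass  # the file is sourced as shell, so the final assignment wins
    if last is None:
        return []
    return (last.group(1) or last.group(2) or "").split()


def forbidden_hooks(conf_text, forbidden=("lvm2",)):
    """Return the forbidden hooks that are active, in config order."""
    return [h for h in active_hooks(conf_text) if h in forbidden]


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/mkinitcpio.conf"
    with open(path, encoding="utf-8") as fh:
        found = forbidden_hooks(fh.read())
    if found:
        print(f"{path}: forbidden initramfs hooks enabled: {', '.join(found)}")
        sys.exit(1)
    print(f"{path}: no forbidden hooks")
```

The check covers the configuration file only, not an initramfs image that has already been built from an earlier configuration.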
