Checksums Done Right
Matthew Garrett
mjg59 at srcf.ucam.org
Sun Jul 1 22:06:08 UTC 2007
On Sun, Jul 01, 2007 at 02:59:03PM -0700, scott at cse.ucdavis.edu wrote:
> > With modern hardware the sensible thing to do is just to boot from CD.
>
> With modern hardware shutting a dom0 down might mean taking out 10+
> active, virtualized servers (in a HA environment it means live migrating
> those other servers). Assuming your dom0 is secure, rebooting only the
> domU you wish to check is sufficient and ideal. I expect tools to emerge
> that will allow one to analyze/validate a domU's kernel, loaded modules,
> and memory from the dom0 but until then shutting down individual domUs
> will have to do.
Yes, if you're already running in a virtualised environment then
providing a mechanism for checking the system makes sense. I'm just not
sure it's a compelling reason to move from a non-virtualised system to a
virtualised system. On the other hand, it ought to be possible (in most
cases) to skip using LVM snapshots. There's plenty of existing userspace
filesystem code that can read files from raw block devices (think grub,
for instance), so you should be able to scan the filesystem from the
dom0 without shutting it down or using LVM.
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the Ubuntu-devel-discuss
mailing list