From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jeremy Katz <katzj@redhat.com>
Subject: Re: RE: Building domains as a lesser user (was Re:
	[Xen-devel] bootloaders for domain != 0)
Date: Fri, 04 Feb 2005 08:47:56 -0500
Message-ID: <1107524876.7797.16.camel@bree.local.net>
References: <A95E2296287EAD4EB592B5DEEFCE0E9D1236FE@liverpoolst.ad.cl.cam.ac.uk>
	 <1107523253.7797.7.camel@bree.local.net>
	 <200502041327.33744.maw48@cl.cam.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
In-Reply-To: <200502041327.33744.maw48@cl.cam.ac.uk>
Sender: xen-devel-admin@lists.sourceforge.net
Errors-To: xen-devel-admin@lists.sourceforge.net
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.sourceforge.net>
List-Help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
To: Mark Williamson <maw48@cl.cam.ac.uk>
Cc: xen-devel@lists.sourceforge.net, Ian Pratt <m+Ian.Pratt@cl.cam.ac.uk>
List-Id: xen-devel@lists.xenproject.org

On Fri, 2005-02-04 at 13:27 +0000, Mark Williamson wrote:
> > > > And then, it's yet another kernel to keep updated, etc.
> > >
> > > I don't see any reason to keep it up to date. Its running in a protected
> > > environemnt and doesn't have any extra access that the kernel about to
> > > be booted is going to get.
> >
> > Users don't tend to take that answer very well ;)  The protected
> > environment means you can have a little bit longer to fix it, but they
> > have things like audit requirements, etc.
> 
> OK but the kernel can be essentially airgapped from the rest of the world - 
> not necessary to include network drivers, etc (or if we do, not strictly 
> necessary to connect the device channels).  Security shouldn't be the issue, 
> so if it works I wouldn't think it'd need updating regularly.

And then you get the question "my kernel booting said it was version
x.y.z and you put out a security fix that's x.y.z.w -- why doesn't my
kernel have that fix?"  Users are kind of weird like that sometimes.
And since it's the same source, you really do want to keep the packages
in sync otherwise you have a nitemare from a packaging/distribution
perspective.

So while you might not strictly _need_ to, you'll end up having to do
it.

> To be honest, I think whatever solution we go with is going to look a little 
> messy.

Well, it is the equivalent of a boot loader and I've looked at the code
to most of them... about the only thing they have in common is
"messy" :-)

Jeremy



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl