kr4z wrote:
zibeli wrote:
Do you really want the host mounting and examining your filesystems? I don't.
Why not? It already mounts them to create and resize them. There's not really any chance of anything going wrong if they're mounted read-only. There are also probably other ways to get the info without mounting them directly. For example, the kernel could be patched to return disk usage info to the host. There are already patches to the linode kernel to do things like disable the updatedb cron job by removing the executable bit.
Except for the swap image I use all "raw" images and create a reiserfs on them so as far as I know nothing else accesses them, but yes, if you use the linode-formatted images it must to create/resize the filesystem. I don't know the details of how the updatedb thing works (e.g. whether it's a kernel patch), but according to http://www.linode.com/forums/viewtopic.php?t=1634 it does mount the filesystem. At any rate, while it's not really a big deal and by no means guarantees any security, I guess my preference would just be to avoid having another host mount my filesystems unless really necessary, and just to show me a graph of information I can readily get by typing "df" comes nowhere close to necessary imho.