matthew sporleder wrote:
[---]
>> - I feel that the kernel solution is much more "natural" (to the end
>> user). You just set the root device to cgd0 in the kernel config, set up
>> the appropriate parameters for cgd0, and boot the kernel off a memory
>> stick or cd.
>> - Adding root-on-cgd-support to sysinstall would be trivial.
>> - No special memory disk kernel is required. Even the GENERIC one
>> would suffice. You only need to be able to specify the root device and
>> cgd parameters in boot.cfg.
>
> I don't know if requiring a netboot/cdrom is really "natural" as it
> limits your flexibility a fair amount.

Remember the context: Typically a laptop, or a server which only you should be able to access all files on, but where you're not the only one with physical access.

The goal is to ensure that an attacker can't boot off a cd, and change/replace files on your file system. To accomplish this, you need to boot it from a secondary medium (for instance, usb memory stick or cd, which you keep to yourself) for both the kernelized and the init.root method.

Booting from a secondary medium is not a "limitation". It's design.

[---]
>> Arguments for the init.root solution:
>> - There's a nifty shell you drop out to if you shut down to single
>> user mode, which can be used for maintenance.
>
> Does this open the door for any other really great features? Live
> kernel updates or something?

No.

-- 
Kind regards,
Jan Danielsson