 Home |
Products |
Support |
Community |
News |
xen-users
Re: [Xen-users] using encrypted swap & tmpfs in Xen DomUs ?
| To: | "Fajar A. Nugraha" <fajar@xxxxxxxxx> |
|---|---|
| Subject: | Re: [Xen-users] using encrypted swap & tmpfs in Xen DomUs ? |
| From: | PGNet <pgnet.trash+xen@xxxxxxxxx> |
| Date: | Wed, 14 Jan 2009 18:29:40 -0800 |
| Cc: | xen-users@xxxxxxxxxxxxxxxxxxx |
| Delivery-date: | Wed, 14 Jan 2009 18:30:25 -0800 |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references :x-google-sender-auth; bh=AGCZ0iKsOHNLB40bpv4DdJRZ7e8lEHbMrBlaCI1LQG0=; b=P25D4nnezZn06bBTGCeNBOXYJFnhkSY7yZm3mfmuyM+ir8MxTS6IyHZlGx1Li7nQfT Plp5gd+YkOsd2VWzqtqmmuybDZTegtW9hedDb0tRZ12flkX2zoclVN4K38VTUoDeO5Sq V7QLA4p2BiVPTOKJas5gSXdy+ysP3CXZQw1Xs= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references:x-google-sender-auth; b=sH3prxR5w40zqSCjWETu+xUJtbdQl01xQDJWX+9HPbAFUSBvgOHQVT3HhznzpzoUli oA3KTUqFfFmSqUWpqaIinCmapLkPEoYKcSzroHueM3SpvBA9jfhNmZuBNJIkWeV7cZzK dxCbcG2GJJ0KcoAHzDK6CcTQiynjPeIDxRhsw= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <496E9965.9080507@xxxxxxxxx> |
| List-help: | <mailto:xen-users-request@lists.xensource.com?subject=help> |
| List-id: | Xen user discussion <xen-users.lists.xensource.com> |
| List-post: | <mailto:xen-users@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe> |
| References: | <dbd51810901141027t184548bfi8349300869eb1e33@xxxxxxxxxxxxxx> <496E9965.9080507@xxxxxxxxx> |
| Sender: | xen-users-bounces@xxxxxxxxxxxxxxxxxxx |
On Wed, Jan 14, 2009 at 6:03 PM, Fajar A. Nugraha <fajar@xxxxxxxxx> wrote: > Generally speaking best practices on standalone hosts should be apply on > domU hosts. Sure, in general. But I'm looking for any Xen 'gotchas', in partuclar, performance related issues due to 'communication & traffic' between xen/hypervisor components. Tough to say specifically what I'm looking for, when I don't know what I'm looking for ;-) > I am curious though, which reference points you that it's good to > encrypt swap while still having filesystem unencrypted? Simply usage. Primarily, -- I need remote reboot capability ... iiuc, can't do that if / is encrypted. -- Physical penetration is not an issue. -- My data & configs are all on attached/remote drives/servers that are encrypted, if/when required. Nothing's on / that I care about anyway, so why take the performance hit? -- encrypted swap does provide some protection against buffer overflow attacks that don't, necessarily, need to gain root (if they do, i'm hosed anyway), and dumping encrypted data in swap. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-users] using encrypted swap & tmpfs in Xen DomUs ?, Fajar A. Nugraha |
|---|---|
| Next by Date: | Re: [Xen-users] how to find the underlying device of an block-attached device, vu pham |
| Previous by Thread: | Re: [Xen-users] using encrypted swap & tmpfs in Xen DomUs ?, Fajar A. Nugraha |
| Next by Thread: | Re: [Xen-users] using encrypted swap & tmpfs in Xen DomUs ?, Fajar A. Nugraha |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
