Στις 06/04/2012 02:31 μμ, ο/η Jay Goldberg έγραψε: > I'm sure that you are aware that LVM will do snapshots as well? Maybe > this can be used to avoid the reboot?
For starters, we'll try running ltsp-publish-image while the server is running. I believe that in most cases that will run fine, and I'll try to put some code to disable package updates or cron jobs at that point. I also have code for `ltsp-publish-image --revert` to revert to the last exported image, in case problems are found in the new one, so that will also help in maximizing client uptime and avoiding server downtime. Only if we see in practise that a server reboot is necessary, we'll resort to `grub-reboot --set-the-ltsp-publish-image-default`. > Even if sensitive server files bleed over to the client image, doesn't > Ubuntu's security settings block other users anyway? NBD or NFS exported root disks are generally insecure. I won't go into details, I'll just say that while it needs some expertise (and a non-LTSP client owned by the "hacker") to gain access, we should remove all sensitive data from the published disk. In /usr/share/ltsp-pnp/publish.d/ there are some scripts that take care of that; sysadmins can add their own in /etc/ltsp/publish.d. ltsp-publish-image creates a COW dir and mounts with overlayfs/aufs the server / there, so programs like deluser can be ran in a chrooted environment to remove users, regenerate certificates etc (while not touching the server / at all). I'll publish an initial ltsp-pnp version in a few days, and more "cleanup" scripts will be added over time. It's just a matter of pinpointing the sensitive data and erasing it, so I don't think that we'll hit a problem that we won't be able to overcome. ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
