> > I think the first step is to make sure that a filesystem that the guest > touched never gets used by the host again, not doing so is just way to > much of a security risk. > > Second there are lots of options to create filesystem entirely in > userspace with contents that can later be written to: > > Especially udf is a very interesting options as just about any modern > operating system supports it. The same is true for vfat, but vfat is > fairly limiting for many use cases.
Agreed on all points. > > Why do we ever read a filesystem touched by a guest in the host? I believe this is more of reading filesystems that were uploaded by users into glance. However, it is essentially the same thing. I don't think we need to do this and don't think we should do this. Clearly, however, someone somewhere, at some point, thought they wanted this. Regards, Eric Windisch _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
