Software that you don't need is a security risk as it imposes additional
attack surface - we all know that.
Besides exploits those tools might cause additional threat (e.G. RDP-
So you better do not install non-universal software* in a template VM.
*software that is not needed in every VM which is based on that template
So where to put non-universal software?
- user-space: allows malware to persist easily, because of persistent
write rights. And does not allow usage of standard repositories
- other (cloned) TemplateVM: You need to make sure that you keep all
templates up-to-date for security reasons, you need much more storage
space and cause more ssd aging
So what about a multi-level template system. That way you can keep at
least most software up-to-date with a single update process. This would
need a delta-filesystem instead of the current image=directory approach
i think. I don't know whether Xen has such capabilities?!
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.