[PATCH 0/6] kexec: A new system call to allow in kernel loading
Jiri Kosina
jkosina at suse.cz
Fri Nov 22 11:04:04 EST 2013
On Fri, 22 Nov 2013, Eric Paris wrote:
> Consider a cloud provider who gives their customer a machine where
> they, the cloud provider, is specifying the kernel and initrd. This
> is a real thing that people do today. Root on the machine has ZERO
> control over the kernel, bootloader, and initrd. Check it out,
> qemu/kvm can do this. But, there is no way to disable kexec if the
> distro configures it in (well, there is in RHEL at least).
If that root can load LKMs, access /dev/mem, or whatever else, there is
not really a point disabling kexec anyway, is the same thing can be
implemented (although with more hassle, of course) through these channels
as well.
--
Jiri Kosina
SUSE Labs
More information about the kexec
mailing list