> Yes, if you're already running in a virtualised environment then > providing a mechanism for checking the system makes sense. I'm just not > sure it's a compelling reason to move from a non-virtualised system to a > virtualised system.
Indeed. I don't expect an integrity scanner like CDR to be *the* reason people start using virtuali[sz]ation. There are already enough compelling reasons to use it (and to stay away for that matter). As an admin with the budget to purchase halfway decent hardware and spend some time on design it makes my life much easier, so I prefer it. > so you should be able to scan the filesystem from the > dom0 without shutting it down Yes, at least until rootkits hide themselves in memory like I described before. > or using LVM. Yes, but beware of staleness due to disk caching. Of course an LVM snapshot is by definition stale. Scott -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
