NFS doesn't support extended attributes out of the box. So when we'll activate security at the filesystem level (using LSM like SMACK or selinux), we won't be able to boot over NFS.
The base idea to solve this is to use alternative protocols to connect block
devices through network, getting rid of filesystem, permissions, attribs etc.. Some candidates:
- NBD / DRBD
- AoE (ATA over Eth)
Ideas: we won't get any vanilla support for booting on such devices in the
kernel AFAIK. So we'll need to push an initrd that will mount the rootfs
then 'pivot_root' on it, as usually done for example when one wants to
mount a rootfs on a RAID5 volume.
We could expect to have an AGL network image which could be built on top of the
usual image, with a few extra steps to assemble an initramfs (kernel config
would also require some extra features)