WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Is using w! safe to share data between domains?

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Is using w! safe to share data between domains?
From: David H <davidh.davidh@xxxxxxxxx>
Date: Thu, 19 May 2005 17:32:50 -0700
Delivery-date: Fri, 20 May 2005 00:32:18 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=TMCcNQ1wtHsZAtst7TbeZrZttDdsTSo8La4g9WjWUvP4SVcqJw6+H8VTTar20ns553l94ZbFP+wsL1ivcdU8fVMK71EmnODVbYUVebqmRj++a2MiEjVKf/yT0wFJEdera4rX0boVTUkLeHFTWkqYgQ+saed/PGZlzgXio3aBmx8=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1116546581.15693.56.camel@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <A95E2296287EAD4EB592B5DEEFCE0E9D1E4124@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1116546581.15693.56.camel@xxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: David H <davidh.davidh@xxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Since the domains will keep the same time you could write your scripts
to do the following:

1. Figure out how long a domain will need the fs (for this example
we'll use 4min).
2. Configure each domain to mount the fs ro and check for "tag-file"
file every other minutes (odd/even).
3. If domain 1 needs the file system it waits it's turn then mounts
the fs ro, checks for the tag-file, remounts rw writes the tag-file,
unmounts the fs, sleeps 2 minutes .
4. Domain 2 mounts the fs ro check for the tag-file, finds it, unmount
the fs, and sleeps 7 minutes.
5. Domain 1 after waiting two minutes mounts the fs rw does it's work,
deletes the tag-file, and unmounts the fs.

As long as the clocks stay in sync and processing completes in the
alloted time the two domains never mount the fs at the same time.

David


On 5/19/05, John A. Sullivan III <jsullivan@xxxxxxxxxxxxxxxxxxx> wrote:
> Ah, perhaps I didn't make something sufficiently clear.  Although
> several domUs will have access to the partition, only one should have it
> mounted at any time.  In other words, the system first mounts it read
> only simply to check to see if anyone else has it mounted and, if they
> do not, they remount it as rw.  There is the possibility that, in
> between the check and the remount as rw, something could sneak in.  And
> there is the brief moment when it is mounted ro that another device
> could be writing to it in which case it is immediately unmounted.
> 
> Network exchange with a big firewall does sound technically safer from
> corruption even if less safe from intrusion.  Thanks - John
> 
> On Thu, 2005-05-19 at 20:19 +0100, Ian Pratt wrote:
> >  > Hmmm . . . well, I really would prefer to do that although I
> > > was suspicious of the race condition someone else pointed
> > > out.  The data exchange is bidirectional.  That's why, at
> > > some point, multiple devices must mount it rw though none at
> > > the same time unless accidentally.
> > >
> > > Should I assume that if one system was always rw and the
> > > other ro, that I could get away with it but, if I must change
> > > back and forth, I asking for trouble?
> >
> > Why not use two partitions, one domain 'owning' each?
> >
> > Alternatively, if you NTP sync the machines, you could co-ordinate when
> > they were going to mount the partition. This is a higher risk than the
> > alternative, though.
> >
> > If you've only got one writer, the only risk is the reader's kernel
> > getting confused, but if you've just done a fresh mount of the file
> > system, read the data out and then unmount I suspect you'll get away
> > with it in practice.
> >
> > Ian
> >
> >
> > > Thanks very much - and by the way, thanks for such a great
> > > product - John
> > >
> > > On Thu, 2005-05-19 at 18:47 +0100, Ian Pratt wrote:
> > > > I suspect that in reality you'll get away with periodically
> > > mounting
> > > > the partition read-only, copying out the data you want,
> > > then unmounting it.
> > > > You can leave it mounted rw in the other domain the whole time.
> > > >
> > > > Ian
> > > >
> > > > > On Thu, 2005-05-19 at 16:21 +0100, Mark Williamson wrote:
> > > > > > On Thursday 19 May 2005 10:37, John A. Sullivan III wrote:
> > > > > > > I have a slightly unusual situation where I need to pass
> > > > > data from
> > > > > > > one domain to another but, for security reasons, one of
> > > > > the domains
> > > > > > > will not be on the network.  I would like to pass the
> > > data via a
> > > > > > > shared disk partition.  I would like to know if what I
> > > > > have done is safe.
> > > > > >
> > > > > > Have you considered giving the networkless domain a vif but
> > > > > > firewalling it off from everything you don't trust?  Having
> > > > > > network available would make this kind of sharing much easier,
> > > > > since you could
> > > > > > use NFS (purely networked), GFS or OCFS2 (both disk-based
> > > > > but require a network component to work).
> > > > > >
> > > > > <snip>
> > > > > Yes, that was the second choice.  We are trying to protect our
> > > > > Certificate Authorities as much as possible.  Thanks to
> > > everyone for
> > > > > their help - John
> > > > > --
> > > > > John A. Sullivan III
> > > > > Open Source Development Corporation
> > > > > +1 207-985-7880
> > > > > jsullivan@xxxxxxxxxxxxxxxxxxx
> > > > >
> > > > > If you would like to participate in the development of an open
> > > > > source enterprise class network security management
> > > system, please
> > > > > visit http://iscs.sourceforge.net
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Xen-users mailing list
> > > > > Xen-users@xxxxxxxxxxxxxxxxxxx
> > > > > http://lists.xensource.com/xen-users
> > > > >
> > > --
> > > John A. Sullivan III
> > > Open Source Development Corporation
> > > +1 207-985-7880
> > > jsullivan@xxxxxxxxxxxxxxxxxxx
> > >
> > > Financially sustainable open source development
> > > http://www.opensourcedevel.com
> > >
> > >
> --
> John A. Sullivan III
> Open Source Development Corporation
> +1 207-985-7880
> jsullivan@xxxxxxxxxxxxxxxxxxx
> 
> Financially sustainable open source development
> http://www.opensourcedevel.com
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users