WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-users

[Xen-users] Stacked File Systems and Xen - state of the art

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Stacked File Systems and Xen - state of the art
From: Arik Raffael Funke <arik.funke@xxxxxx>
Date: Wed, 22 Nov 2006 15:02:14 +0000
User-agent: Thunderbird 1.5.0.8 (Windows/20061025)
Hi,

does anybody know what the current state of stacking filesystems for Xen guests is? The last discussions were about a year ago. Has anything changed? I.e. is it still unreliable and not really recommended?

Motivation:
-----------
I would like to set up a secure firewall. Consequently only minimal tools should be available... which makes administration not exactly comfortable.

The basic idea is to have the domU's (i.e. the firewall machine's) disk exported from dom0 via NFS. On dom0 the exported directory consists of several stacked layers. In the "standard" layer a "comfortable" Linux is installed with all the tools that make admin's life easier... but the machine unsafe. On a "deletion" layer all the unnecessary tools have been marked as deleted. (...think about unionfs using the white-out deletion method.)

Now anytime I want to change something significant on my router I take it from the net, remove the "deletions" layer and restart it - and can comfortably go about my business without being hindered by my own security-mindedness.

Advantage of this approach: I only need unionfs support in dom0 and do not have to worry about fiddling with initrds etc for my guests.

Has anybody done this; how does it work in practice? Or - does anybody see a reason why this can't be done or won't work properly?

Regards,
Arik


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
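
An added example, not part of the original post: a Python check that computes which files stay visible through a unionfs-style stack, so the "deletion" layer can be audited before the firewall goes back on the network. It assumes unionfs's `.wh.<name>` whiteout naming and ignores opaque-directory markers; the function names and the sample layers are constructed for illustration.

```python
import os
import tempfile

WH = ".wh."  # unionfs whiteout prefix: ".wh.NAME" hides NAME in lower layers

def merged_view(layers):
    """Files visible through the stack; layers are listed top (highest priority) first."""
    visible, hidden = set(), set()
    for layer in layers:
        whiteouts = set()  # take effect only on the layers below this one
        for root, dirs, files in os.walk(layer):
            rel_dir = os.path.relpath(root, layer)
            rel_dir = "" if rel_dir == "." else rel_dir
            # Do not descend into directories whited out by a higher layer.
            dirs[:] = [d for d in dirs if os.path.join(rel_dir, d) not in hidden]
            for name in files:
                if name.startswith(WH):
                    whiteouts.add(os.path.join(rel_dir, name[len(WH):]))
                elif os.path.join(rel_dir, name) not in hidden:
                    visible.add(os.path.join(rel_dir, name))
        hidden |= whiteouts
    return visible

def still_exposed(layers, forbidden):
    """Forbidden paths that the deletion layer fails to hide."""
    return sorted(set(forbidden) & merged_view(layers))

def touch(root, rel):
    """Create an empty file at root/rel, making parent directories as needed."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    open(path, "w").close()

def demo():
    # Constructed sample layers, not taken from the original post.
    with tempfile.TemporaryDirectory() as tmp:
        base, deletions = os.path.join(tmp, "standard"), os.path.join(tmp, "deletions")
        for rel in ("sbin/iptables", "usr/bin/gcc", "usr/bin/tcpdump", "usr/share/doc/README"):
            touch(base, rel)
        for rel in ("usr/bin/.wh.gcc", "usr/.wh.share"):  # tcpdump was forgotten
            touch(deletions, rel)
        layers = [deletions, base]
        return merged_view(layers), still_exposed(layers, ["usr/bin/gcc", "usr/bin/tcpdump"])

if __name__ == "__main__":
    view, exposed = demo()
    print("visible:", sorted(view))
    print("still exposed:", exposed)
```

Run against the real layer directories on dom0, a non-empty `still_exposed` result means a tool on the removal list would still be reachable in the exported tree.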
