Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)

To: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)
From: Rune Johan Andresen <runejoha@xxxxxxxxxxx>
Date: Mon, 19 Jul 2004 15:59:15 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx, Rune Johan Andresen <Rune.Johan.Andresen@xxxxxxxxxxx>

Thank you! Which approach do you consider the most secure in order to protect a user’s file system from another? In other words, which solution is most resistant against hacking? How is Xen designed to maintain the security between different users?

Rune

On Jul 17, 2004, at 10:52 PM, Ian Pratt wrote:

Alternatively, put a file system on the partition and export
files to domains using the loopback device (losetup). This
enables you to use sparse files, allocating disk space on demand.

Here's an example of how to do this:

# e.g. create a 2GB sparse file (actually only consumes 1KB of disk)
dd if=/dev/zero of=vm1disk bs=1k seek=2048k count=1

# choose a free loop back device, and attach file
losetup /dev/loop0 vm1disk

# make a file system on the loop back device
mkfs -t ext3 /dev/loop0

# populate the file system e.g. by copying from the current root
mount /dev/loop0 /mnt
cp -ax / /mnt
# tailor file system e.g. by editing /etc/fstab /etc/hostname etc.
# make sure you unmount !!!
umount /dev/loop0


You can then export the loop device to a domain using e.g.:

disk = [ 'phy:loop0,sda1,w' ]

As you write to the 'disk', the sparse file will become filled in
and consume more space (up to the original 2GB).

One feature we're planning to add to xend is to have it track
which loop devices are currently free and have it do the
allocation. You'd then be able to assign a file as a VD using:
[ 'loop:vm1disk,sda1,w' ]


Ian
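
The sparse-file behaviour described in the quoted message, as an added example that is not part of the original thread: it compares an image's apparent size with the space it really occupies on the host, before and after a write, so over-committed host storage can be spotted early. The function names and the temporary paths are constructed for illustration; it assumes a Linux host with GNU coreutils and a file system that supports sparse files.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# make_sparse FILE SIZE_KB: create a sparse image of exactly SIZE_KB KiB.
# umask 077 makes it owner-only (0600): an image populated with "cp -ax /"
# holds a complete root file system, including its credential files.
make_sparse() {
    ( umask 077 &&
      dd if=/dev/zero of="$1" bs=1k seek="$(( $2 - 1 ))" count=1 2>/dev/null )
}

# Size the guest will see as its disk.
apparent_bytes() { stat -c %s "$1"; }

# Space the image really consumes on the host (allocated blocks * block unit).
allocated_bytes() { echo $(( $(stat -c %b "$1") * $(stat -c %B "$1") )); }

# fill_kb FILE OFFSET_KB COUNT_KB: write data inside the image, as a guest would.
# conv=notrunc keeps the rest of the image intact; fsync flushes the write so
# the new allocation is visible to stat straight away.
fill_kb() {
    dd if=/dev/urandom of="$1" bs=1k seek="$2" count="$3" \
       conv=notrunc,fsync 2>/dev/null
}

# report LABEL FILE: one line per measurement.
report() {
    echo "$1 apparent=$(apparent_bytes "$2") allocated=$(allocated_bytes "$2")"
}

demo() {
    dir=$(mktemp -d) || return 1
    img="$dir/vm1disk"
    make_sparse "$img" 2097152      # 2 GiB apparent size
    report "new:    " "$img"
    fill_kb "$img" 1024 4096        # 4 MiB written at offset 1 MiB
    report "written:" "$img"
    rm -rf "$dir"
}

# Run with "demo" as the first argument to see both measurements.
if [ "${1:-}" = demo ]; then demo; fi
```

The apparent size stays constant while the allocated size grows with every block the guest touches, so the sum of allocated sizes across all images is the figure to watch against free space on the host.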