[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)

Thank you! Which approach do you consider the most secure in order to protect a user’s file system from another. In other words, which solution is most resistant against hacking? How is Xen designed to maintain the security between different users?


On Jul 17, 2004, at 10:52 PM, Ian Pratt wrote:

Alternatively, put a file system on the partition and export
files to domains using the loopback device (losetup). This
enables you to use sparse files, allocating disk space on demand.

Here's an example of how to do this:

# e.g. create a 2GB sparse file (actually only consumes 1KB of disk)
dd if=/dev/zero of=vm1disk bs=1k seek=2048k count=1

# choose a free loop back device, and attach file
losetup /dev/loop0 vm1disk

# make a file system on the loop back device
mkfs -t ext3 /dev/loop0

# populate the file system e.g. by copying from the current root
mount /dev/loop0 /mnt
cp -ax / /mnt
# tailor file system e.g. by editing /etc/fstab /etc/hostname etc.
# make sure you unmount !!!
umount /dev/loop0

You can then export the loop device to a domain using e.g.:

disk = [ 'phy:loop0,sda1,w' ]

As you write to the 'disk', the sparse file will become filled in
and consume more space (up to the original 2GB).

One feature we're planning to add to xend is to have it track
which loop devices are currently free and have it do the
allocation. You'd then be able to assign a file as a VD using:
[ 'loop:vm1disk,sda1,w' ]




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.