[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Is using w! safe to share data between domains?

On Thursday 19 May 2005 10:37, John A. Sullivan III wrote:
> I have a slightly unusual situation where I need to pass data from one
> domain to another but, for security reasons, one of the domains will not
> be on the network.  I would like to pass the data via a shared disk
> partition.  I would like to know if what I have done is safe.

Have you considered giving the networkless domain a vif but firewalling it off 
from everything you don't trust?  Having network available would make this 
kind of sharing much easier, since you could use NFS (purely networked), GFS 
or OCFS2 (both disk-based but require a network component to work).


> I created a disk partition named /dev/VG1/pkipass.
> Each domU disk definition contains: 'phy:VG1/pkipass,sda3,w!'
> None of the domUs automatically mounts this device.
> When one domU needs to deposit data for another domU to pick up (this
> exchange is always a manual effort to first deposit the shared data and
> then retrieve the shared data), we do the following:
> The depositing domU mounts sda3 read-only.
> It looks for a tag file -- this tag file is created when a domU has
> mounted the partition as read-write
> If the tag-file exists {
>       it unmounts the partition
>       it sleeps briefly
>       it retries
> }
> else {
>       it remounts the partition read-write
>       it creates the tag file
>       it deposits the data
>       it deletes the tag fie
>       it unmounts the partition
> }
> A similar process is used to retrieve the data.
> Is this safe?
> Thanks - John

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.