[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-users] Is using w! safe to share data between domains?



 
> Hmmm . . . well, I really would prefer to do that although I 
> was suspicious of the race condition someone else pointed 
> out.  The data exchange is bidirectional.  That's why, at 
> some point, multiple devices must mount it rw though none at 
> the same time unless accidentally.
> 
> Should I assume that if one system was always rw and the 
> other ro, that I could get away with it but, if I must change 
> back and forth, I asking for trouble?

Why not use two partitions, one domain 'owning' each?

Alternatively, if you NTP sync the machines, you could co-ordinate when
they were going to mount the partition. This is a higher risk than the
alternative, though.

If you've only got one writer, the only risk is the reader's kernel
getting confused, but if you've just done a fresh mount of the file
system, read the data out and then unmount I suspect you'll get away
with it in practice.

Ian

 
> Thanks very much - and by the way, thanks for such a great 
> product - John
> 
> On Thu, 2005-05-19 at 18:47 +0100, Ian Pratt wrote:
> > I suspect that in reality you'll get away with periodically 
> mounting 
> > the partition read-only, copying out the data you want, 
> then unmounting it.
> > You can leave it mounted rw in the other domain the whole time.
> > 
> > Ian
> > 
> > > On Thu, 2005-05-19 at 16:21 +0100, Mark Williamson wrote:
> > > > On Thursday 19 May 2005 10:37, John A. Sullivan III wrote:
> > > > > I have a slightly unusual situation where I need to pass
> > > data from
> > > > > one domain to another but, for security reasons, one of
> > > the domains
> > > > > will not be on the network.  I would like to pass the 
> data via a 
> > > > > shared disk partition.  I would like to know if what I
> > > have done is safe.
> > > > 
> > > > Have you considered giving the networkless domain a vif but 
> > > > firewalling it off from everything you don't trust?  Having 
> > > > network available would make this kind of sharing much easier,
> > > since you could
> > > > use NFS (purely networked), GFS or OCFS2 (both disk-based
> > > but require a network component to work).
> > > > 
> > > <snip>
> > > Yes, that was the second choice.  We are trying to protect our 
> > > Certificate Authorities as much as possible.  Thanks to 
> everyone for 
> > > their help - John
> > > --
> > > John A. Sullivan III
> > > Open Source Development Corporation
> > > +1 207-985-7880
> > > jsullivan@xxxxxxxxxxxxxxxxxxx
> > > 
> > > If you would like to participate in the development of an open 
> > > source enterprise class network security management 
> system, please 
> > > visit http://iscs.sourceforge.net
> > > 
> > > 
> > > _______________________________________________
> > > Xen-users mailing list
> > > Xen-users@xxxxxxxxxxxxxxxxxxx
> > > http://lists.xensource.com/xen-users
> > > 
> --
> John A. Sullivan III
> Open Source Development Corporation
> +1 207-985-7880
> jsullivan@xxxxxxxxxxxxxxxxxxx
> 
> Financially sustainable open source development 
> http://www.opensourcedevel.com
> 
> 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.