
Re: [Xen-users] hostfs for xen?



On Thursday, 19.05.2005, at 18:34 -0500, Anthony Liguori wrote:
> Nils Toedtmann wrote:
> >On Thursday, 19.05.2005, at 05:37 -0400, John A. Sullivan
> >III wrote:
> >>I have a slightly unusual situation where I need to pass data from one
> >>domain to another but, for security reasons, one of the domains will not
> >>be on the network.  I would like to pass the data via a shared disk
> >>partition.  I would like to know if what I have done is safe.
> >
> >UML has a neat & simple solution for sharing filesystems between the
> >guests and the host (that's UML speak, read "between the domUs and
> >dom0"): hostfs. The host can assign a "hostfs-root-dir" to a guest; the
> >guest may then mount any subdir of that directly into its own filesystem
> >(like a bindmount). Read/write operations get mapped to a uid on the
> >host (that mapping comes naturally since a UML guest is nothing but a
> >process on the host owned by that uid). Hostfs is really cool in
> >situations where nfs would be overkill or considered a security risk (I
> >admit: I do not know if hostfs actually _is_ more secure than nfs, or -
> >if not - if it could be designed in a secure manner. It just appears to
> >be more secure due to its simplicity).
> >  
> I don't know how UML does this

It's a guest kernel compile time option. Hostfs does not need any
userland tools/daemons.

> but it seems like VMware embeds a version of Samba for this purpose.

Yes it does.

> You could certainly use it to achieve the same goal.

Not if my goal is to avoid network filesystems or - like John - to avoid
networking at all! Hostfs is _much_ simpler (and more secure??) than nfs
or smbfs/cifs. nfs needs a portmapper daemon, an nfs-server, a lock-
daemon, uses dynamic port allocations which are hard to firewall,
authentication needs to be configured properly; cifs/smbfs needs - at
least - an nmbd & smbd daemon, sid<-->uid mapping and authentication need
to be configured properly ... And you do not want to export a unixish fs
to a unixish os via cifs ;)

btw: vmware has another functionality they call "shared folders". That
comes much closer to hostfs.

/nils.


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

