WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Is using w! safe to share data between domains?

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Is using w! safe to share data between domains?
From: Mark Williamson <mark.williamson@xxxxxxxxxxxx>
Date: Thu, 19 May 2005 16:21:48 +0100
Cc: "John A. Sullivan III" <jsullivan@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 19 May 2005 16:10:48 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1116495480.15693.18.camel@xxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <1116495480.15693.18.camel@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: KMail/1.8
On Thursday 19 May 2005 10:37, John A. Sullivan III wrote:
> I have a slightly unusual situation where I need to pass data from one
> domain to another but, for security reasons, one of the domains will not
> be on the network.  I would like to pass the data via a shared disk
> partition.  I would like to know if what I have done is safe.

Have you considered giving the networkless domain a vif but firewalling it off 
from everything you don't trust?  Having network available would make this 
kind of sharing much easier, since you could use NFS (purely networked), GFS 
or OCFS2 (both disk-based but require a network component to work).

Cheers,
Mark

> I created a disk partition named /dev/VG1/pkipass.
> Each domU disk definition contains: 'phy:VG1/pkipass,sda3,w!'
> None of the domUs automatically mounts this device.
>
> When one domU needs to deposit data for another domU to pick up (this
> exchange is always a manual effort to first deposit the shared data and
> then retrieve the shared data), we do the following:
>
> The depositing domU mounts sda3 read-only.
> It looks for a tag file -- this tag file is created when a domU has
> mounted the partition as read-write
> If the tag-file exists {
>       it unmounts the partition
>       it sleeps briefly
>       it retries
> }
> else {
>       it remounts the partition read-write
>       it creates the tag file
>       it deposits the data
>       it deletes the tag fie
>       it unmounts the partition
> }
>
> A similar process is used to retrieve the data.
>
> Is this safe?
>
> Thanks - John

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users