Hello, I was hoping that somebody who's very familiar with the 'disk' and 'root' permission options in the XEN guest configuration file could answer a couple of questions. I've been googling this for days and haven't found any really good explanations. I've also read the book "Running Xen" twice and this is not explained in enough detail there either.
Let's say I have a bunch of identical CentOS 5 domain0 servers and want to create a couple of domU guests on each of these systems using the same exact file system image as domain0. The book "Running Xen" says my config file should look something like this:
disk = ['phy:hda1,xvda1,w']
root = "/dev/hda1 ro"
If I export hda1 with read-write permissions (w) wouldn't this give anyone with access to the guest domain the ability to destroy the root file system on Domain0? (since hda1 is the root partition for domain0 AND my new domU guest)
Would you also please explain the read-only (ro) rights associated with the 'root' line? Why would you mount a root partition 'ro'? The kernel needs to write to the root partition for various things such as 'var' and /etc/mtab.
Thanks for your help!
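
Added example, not part of the original post or of the book it cites: a small audit script for the situation the question describes, listing guest disks exported with a writable mode while domain0 has the same device mounted. It assumes the guest config uses Python syntax with disk entries of the form 'backend:device,frontend,mode' and that phy: device names are relative to /dev; the function names and both sample inputs are constructed for illustration.

```python
import ast

# Constructed sample inputs (not taken from a real host).
SAMPLE_CFG = '''
disk = ['phy:hda1,xvda1,w', 'phy:hda2,xvda2,r']
root = "/dev/hda1 ro"
'''
SAMPLE_DOM0_MOUNTS = '''\
/dev/hda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/hda3 /home ext3 rw 0 0
'''

def parse_guest_config(text):
    """Return top-level literal assignments from a Python-syntax guest config."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except ValueError:
                pass  # value is not a plain literal; skip it
    return settings

def dom0_mounted_devices(mounts_text):
    """Map device path -> mount point for /dev entries in /proc/mounts format."""
    mounted = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].startswith("/dev/"):
            mounted[fields[0]] = fields[1]
    return mounted

def writable_shared_disks(cfg_text, mounts_text):
    """List (device, dom0 mount point, mode) for writable phy: exports mounted in dom0."""
    mounted = dom0_mounted_devices(mounts_text)
    findings = []
    for spec in parse_guest_config(cfg_text).get("disk", []):
        parts = [p.strip() for p in spec.split(",")]
        if len(parts) != 3 or not parts[0].startswith("phy:"):
            continue  # only physical-device entries with all three fields
        dev = parts[0][len("phy:"):]
        if not dev.startswith("/dev/"):
            dev = "/dev/" + dev  # assumption: bare names are relative to /dev
        if parts[2].startswith("w") and dev in mounted:
            findings.append((dev, mounted[dev], parts[2]))
    return findings

if __name__ == "__main__":
    for dev, mnt, mode in writable_shared_disks(SAMPLE_CFG, SAMPLE_DOM0_MOUNTS):
        print(f"{dev} is mounted on dom0 at {mnt} and exported with mode '{mode}'")
```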