Re: [Xen-devel] Practical questions, ssh a domain, HD (Xen-Unstable)

[Rune Johan Andresen <runejoha@xxxxxxxxxxx>]

Thank you! Which approach do you consider the most secure in order to protect a user’s file system from another. In other words, which solution is most resistant against hacking? How is Xen designed to maintain the security between different users? 

Rune
<x-tad-smaller>
</x-tad-smaller>
On Jul 17, 2004, at 10:52 PM, Ian Pratt wrote:

> > Alternatively, put a file system on the partition and export
> > files to domains using the loopback device (losetup). This
> > enables you to use sparse files, allocating disk space on demand.
>
> Here's an example of how to do this:
>
> # e.g. create a 2GB sparse file (actually only consumes 1KB of disk)
> dd if=/dev/zero of=vm1disk bs=1k seek=2048k count=1
>
> # choose a free loop back device, and attach file
> losetup /dev/loop0 vm1disk
>
> # make a file system on the loop back device
> mkfs -t ext3 /dev/loop0
>
> # populate the file system e.g. by copying from the current root
> mount /dev/loop0 /mnt
> cp -ax / /mnt
> # tailor file system e.g. by editing /etc/fstab /etc/hostname etc.
> # make sure you unmount !!!
> umount /dev/loop0
>
>
> You can then export the loop device to a domain using e.g.:
>
> disk = [ 'phy:loop0,sda1,w' ]
>
> As you write to the 'disk', the sparse file will become filled in
> and consume more space (up to the original 2GB).
>
> One feature we're planning to add to xend is to have it track
> which loop devices are currently free and have it do the
> allocation. You'd then be able to assign a file as a VD using:
> [ 'loop:vm1disk,sda1,w' ] 
>
>
> Ian