[Gllug] Virtual disk allocation advice requested
Bruce Richardson
itsbruce at workshy.org
Mon Jun 30 10:12:44 UTC 2008
On Mon, Jun 30, 2008 at 10:39:34AM +0100, Richard wrote:
> > =Logic says that if use NFS, eg for /home within any VM and 'house' the
> > NFS server within another VM, that at boot time Xen will not guarantee
> > that one domain will be up and running prior to another being started
> > and thus the situation may produce a time-race condition.
>
> Yup, this is another reason not to use a server in a guest (although
> exactly the same problem may happen with an NFS server in the dom0 --
> how do you know it is serving requests before the guests start up?).
I would never run NFS or anything like that from a dom0; it's a waste of
the resources used by dom0 and a huge security risk. If dom0 is
compromised then the attacker gains access to all the domUs. Running
network services from dom0 just makes this much more likely.
For security, I prefer to have the domUs bridging across one physical
interface (or bonded pair) and dom0 accessible via a separate one (on a
different subnet and network segment if at all possible.)
--
Bruce
The ice-caps are melting, tra-la-la-la. All the world is drowning,
tra-la-la-la-la. -- Tiny Tim.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20080630/e636092c/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list