|
From: | Qixiaozhen |
Subject: | [Qemu-devel] [Qemu/Virtio-scsi]The feature of 'raw device mapping' cannot isolate the LUN to the owning virtual machine |
Date: | Mon, 27 Jan 2014 02:50:04 +0000 |
Hi,all A instance was created by virsh command in the CentOS 6.4. The LUN in the Storage Array Network(SAN) was attached to the instance with the following xml. <disk type='block' device='lun'> <driver name='qemu' type='raw' cache='none'/> <source dev='/dev/mapper/360022a110000ecba5db427db00000023'/> <target dev='vdb' bus='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> </disk> <controller type='scsi' model='virtio-scsi'/> A scsi report command was executed in the instance, for example “sg_luns /dev/vdb”. However, It returned the list of the Luns in the SAN.
1)
The unrelated luns in the SAN were not isolated in the instance.
address@hidden ~]# sg_luns /dev/vdb Lun list length = 80 which imples 10 lun entries Report luns [select_report=0]: 0000000000000000 0001000000000000 0002000000000000 0003000000000000 0004000000000000 0005000000000000 0006000000000000 0007000000000000 0008000000000000 0009000000000000 address@hidden ~]#sg_map Stopping because no sg device found address@hidden ~]# address@hidden ~]#
2)
The report lun command in the physical server: address@hidden sdb]# sg_luns /dev/mapper/360022a110000ecba5db427db00000023 Lun list length = 80 which imples 10 lun entries Report luns [select_report=0x0]: 0000000000000000 0001000000000000 0002000000000000 0003000000000000 0004000000000000 0005000000000000 0006000000000000 0007000000000000 0008000000000000 0009000000000000 address@hidden sdb]# Is there any security problem if the report lun command was not isolated ? Sincerely, Qi ----------------------------------------------------------- Xiaozhen Qi Huawei Technologies Co.,LTD. IT Product Line CloudOS PDU China, Xi'an Mobile: +86-13609283376 Email: address@hidden |
[Prev in Thread] | Current Thread | [Next in Thread] |