Hi,all
A instance was created by virsh command in the CentOS 6.4.
The LUN in the Storage Array Network(SAN) was attached to the instance with the following xml.
<disk type='block' device='lun'>
<driver name='qemu' type='raw' cache='none'/>
<source dev='/dev/mapper/360022a110000ecba5db427db00000023'/>
<target dev='vdb' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</disk>
<controller type='scsi' model='virtio-scsi'/>
A scsi report command was executed in the instance, for example “sg_luns /dev/vdb”. However, It returned the list of the Luns in the SAN.
1)
The unrelated luns in the SAN were not isolated in the instance.
address@hidden ~]# sg_luns /dev/vdb
Lun list length = 80 which imples 10 lun entries
Report luns [select_report=0]:
0000000000000000
0001000000000000
0002000000000000
0003000000000000
0004000000000000
0005000000000000
0006000000000000
0007000000000000
0008000000000000
0009000000000000
address@hidden ~]#sg_map
Stopping because no sg device found
address@hidden ~]#
address@hidden ~]#
2)
The report lun command in the physical server:
address@hidden sdb]# sg_luns /dev/mapper/360022a110000ecba5db427db00000023
Lun list length = 80 which imples 10 lun entries
Report luns [select_report=0x0]:
0000000000000000
0001000000000000
0002000000000000
0003000000000000
0004000000000000
0005000000000000
0006000000000000
0007000000000000
0008000000000000
0009000000000000
address@hidden sdb]#
Is there any security problem if the report lun command was not isolated ?
Sincerely,
Qi
-----------------------------------------------------------
Xiaozhen Qi
Huawei Technologies Co.,LTD.
IT Product Line CloudOS PDU
China, Xi'an
Mobile: +86-13609283376
Email: address@hidden