Mailing List Archive

hostfs for xen? (was: Is using w! safe to share data between domains?)
On Thursday, 19.05.2005, at 05:37 -0400, John A. Sullivan III wrote:
> I have a slightly unusual situation where I need to pass data from one
> domain to another but, for security reasons, one of the domains will not
> be on the network. I would like to pass the data via a shared disk
> partition. I would like to know if what I have done is safe.

UML has a neat & simple solution for sharing filesystems between the
guests and the host (that's UML speak, read "between the domUs and
dom0"): hostfs. The host can assign a "hostfs-root-dir" to a guest; the
guest may then mount any subdir of that directly into its own filesystem
(like a bindmount). Read/write operations get mapped to a uid on the
host (that mapping comes naturally since a UML guest is nothing but a
process on the host owned by that uid). Hostfs is really cool in
situations where nfs would be overkill or considered a security risk (i
admit: i do not know if hostfs actually _is_ more secure than nfs, or -
if not - if it could be designed in a secure manner. It just appears to
be more secure due to its simplicity).

Would such a thing be interesting for xen? Or would that be too evil? I
really missed hostfs when i switched from UML to xen.

/nils.


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Re: hostfs for xen?
Nils Toedtmann wrote:

>On Thursday, 19.05.2005, at 05:37 -0400, John A. Sullivan III wrote:
>
>
>>I have a slightly unusual situation where I need to pass data from one
>>domain to another but, for security reasons, one of the domains will not
>>be on the network. I would like to pass the data via a shared disk
>>partition. I would like to know if what I have done is safe.
>>
>>
>
>UML has a neat & simple solution for sharing filesystems between the
>guests and the host (that's UML speak, read "between the domUs and
>dom0"): hostfs. The host can assign a "hostfs-root-dir" to a guest; the
>guest may then mount any subdir of that directly into its own filesystem
>(like a bindmount). Read/write operations get mapped to a uid on the
>host (that mapping comes naturally since a UML guest is nothing but a
>process on the host owned by that uid). Hostfs is really cool in
>situations where nfs would be overkill or considered a security risk (i
>admit: i do not know if hostfs actually _is_ more secure than nfs, or -
>if not - if it could be designed in a secure manner. It just appears to
>be more secure due to its simplicity).
>
>
I don't know how UML does this but it seems like VMware embeds a version
of Samba for this purpose.

You could certainly use it to achieve the same goal.

Regards,

Anthony Liguori

>Would such a thing be interesting for xen? Or would that be too evil? I
>really missed hostfs when i switched from UML to xen.
>
>/nils.

Re: hostfs for xen?
On Thursday, 19.05.2005, at 18:34 -0500, Anthony Liguori wrote:
> Nils Toedtmann wrote:
> >On Thursday, 19.05.2005, at 05:37 -0400, John A. Sullivan III wrote:
> >>I have a slightly unusual situation where I need to pass data from one
> >>domain to another but, for security reasons, one of the domains will not
> >>be on the network. I would like to pass the data via a shared disk
> >>partition. I would like to know if what I have done is safe.
> >
> >UML has a neat & simple solution for sharing filesystems between the
> >guests and the host (that's UML speak, read "between the domUs and
> >dom0"): hostfs. The host can assign a "hostfs-root-dir" to a guest; the
> >guest may then mount any subdir of that directly into its own filesystem
> >(like a bindmount). Read/write operations get mapped to a uid on the
> >host (that mapping comes naturally since a UML guest is nothing but a
> >process on the host owned by that uid). Hostfs is really cool in
> >situations where nfs would be overkill or considered a security risk (i
> >admit: i do not know if hostfs actually _is_ more secure than nfs, or -
> >if not - if it could be designed in a secure manner. It just appears to
> >be more secure due to its simplicity).
> >
> I don't know how UML does this

It's a guest kernel compile time option. Hostfs does not need any
userland tools/daemons.

> but it seems like VMware embeds a version of Samba for this purpose.

Yes it does.

> You could certainly use it to achieve the same goal.

Not if my goal is to avoid network filesystems or - like John - to avoid
networking at all! Hostfs is _much_ simpler (and more secure??) than nfs
or smbfs/cifs. nfs needs a portmapper daemon, a nfs-server, a lock-
daemon, uses dynamic port allocations which are hard to firewall,
authentication needs to be configured properly; cifs/smbfs needs - at
least - a nmbd & smbd daemon, sid<-->uid mapping and authentication need
to be configured properly ... And you do not want to export a unixish fs
to a unixish os via cifs ;)

btw: vmware has another functionality they call "shared folders". That
comes much closer to hostfs.

/nils.


Re: hostfs for xen?
Nils Toedtmann wrote:

>>You could certainly use it to achieve the same goal.
>>
>>
>
>Not if my goal is to avoid network filesystems or - like John - to avoid
>networking at all! Hostfs is _much_ simpler (and more secure??) than nfs
>
>
Which is a perfectly reasonable goal. Keep in mind however you do not
have to expose a virtual network interface to the real network so you
can think of a virtual network interface as just another interdomain
communication mechanism.

>or smbfs/cifs. nfs needs a portmapper daemon, a nfs-server, a lock-
>daemon, uses dynamic port allocations which are hard to firewall,
>authentication needs to be configured properly; cifs/smbfs needs - at
>least - a nmbd & smbd daemon, sid<-->uid mapping and authentication need
>to be configured properly ... And you do not want to export a unixish fs
>to a unixish os via cifs ;)
>
>
Actually, modern cifs clients provide unix extensions. Also, you do not
need most of the stuff you suggested. The advantage of not having that
much additional software running in dom0 is true. However, a hostfs is
a one-OS solution. It requires significant engineering to extend to
other platforms (like the BSD's, Windows, etc.). That's something to
consider.

There are cifs (and nfs) clients for Linux, Windows, *BSD, etc. I'm not
suggesting that this is the only solution but I certainly think it's a
useful one.

>btw: vmware has another functionality they call "shared folders". That
>comes much closer to hostfs.
>
>
Isn't shared folders implemented with Samba?

Regards,

Anthony Liguori

>/nils.

Re: hostfs for xen?
On Thursday, 19.05.2005, at 20:16 -0500, Anthony Liguori wrote:
> Nils Toedtmann wrote:
> > > You could certainly use it to achieve the same goal.
> >
> > Not if my goal is to avoid network filesystems or - like John - to avoid
> > networking at all! Hostfs is _much_ simpler (and more secure??) than nfs
> >
> Which is a perfectly reasonable goal. Keep in mind however you do not
> have to expose a virtual network interface to the real network so you
> can think of a virtual network interface as just another interdomain
> communication mechanism.

True. Some people just don't feel well with running "bloated" services
like samba (which have a well known history of security issues) when
there are simpler mechanisms.


> > or smbfs/cifs. nfs needs a portmapper daemon, a nfs-server, a lock-
> > daemon, uses dynamic port allocations which are hard to firewall,
> > authentication needs to be configured properly; cifs/smbfs needs - at
> > least - a nmbd & smbd daemon, sid<-->uid mapping and authentication need
> > to be configured properly ... And you do not want to export a unixish fs
> > to a unixish os via cifs ;)
> >
> >
> Actually, modern cifs clients provide unix extensions. Also, you do not
> need most of the stuff you suggested. The advantage of not having that
> much additional software running in dom0 is true. However, a hostfs is
> a one-OS solution. It requires significant engineering to extend to
> other platforms (like the BSD's, Windows, etc.). That's something to
> consider.

True. That may be a no-go argument for a xen-implementation :-(


> There are cifs (and nfs) clients for Linux, Windows, *BSD, etc. I'm not
> suggesting that this is the only solution but I certainly think it's a
> useful one.
>
> > btw: vmware has another functionality they call "shared folders". That
> > comes much closer to hostfs.
> >
> Isn't shared folders implemented with Samba?

They appear to the guest as network drives, but they do not need a samba
service running on the host. File operations on the host are done by the
vmware process itself and underlie the fs permissions the vmware process
owner has. Maybe vmware internally translates that to cifs shares (using
samba code?).

/nils.


Re: hostfs for xen?
> > > Not if my goal is to avoid network filesystems or - like John - to
> > > avoid networking at all! Hostfs is _much_ simpler (and more secure??)
> > > than nfs

In comparison to almost any other Linux filesystem, HostFS is refreshingly
simple. It translates VFS ops into host filesystem operations in a rather
direct way.

Unfortunately it wouldn't be that neat under Xen because you'd have to use a
"split" (i.e. front and back ends) driver. The closest thing you could get
to HostFS in terms of functionality and simplicity would probably be as
follows:
* "XenHostFS" driver in the guest translates VFS operations to some
OS-independent format and queues them in an interdomain comms ring
* "XenHostFSd" server in dom0 gets these and translates them into local file
operations. This could probably be implemented in userspace if you weren't
too worried about cunning performance tricks.

> > Actually, modern cifs clients provide unix extensions. Also, you do not
> > need most of the stuff you suggested. The advantage of not having that
> > much additional software running in dom0 is true. However, a hostfs is
> > a one-OS solution. It requires significant engineering to extend to
> > other platforms (like the BSD's, Windows, etc.). That's something to
> > consider.
>
> True. That may be a no-go argument for a xen-implementation :-(

If the interdomain protocol is well defined then the above implementation
could be made to work, although each OS would need a different frontend
filesystem driver.

> They appear to the guest as network drives, but they do not need a samba
> service running on the host. File operations on the host are done by the
> vmware process itself and underlie the fs permissions the vmware process
> owner has. Maybe vmware internally translates that to cifs shares (using
> samba code?).

Ah yes, I think VMWare has an integrated virtual SMB server... Scary! :-)

Cheers,
Mark

Re: hostfs for xen? (was: Is using w! safe to share data between domains?)
> Would such a thing be interesting for xen? Or would that be too evil? I
> really missed hostfs when i switched from UML to xen.

As I mentioned in my other e-mail, it would be possible to implement a fairly
close approximation to hostfs under Xen.

I'm actually working on a Xen shared filesystem (although I'm currently
distracted with other work). This is intended as a replacement for NFS but
implemented in a way which is highly optimised for an intra-machine sharing
under Xen. This will make a substantially more complex implementation but
should give way better performance and resource usage.

A prototype implementation will be announced on the list when it's ready :-)

Cheers,
Mark

Re: hostfs for xen? (was: Is using w! safe to share data between domains?)
On 5/20/05, Mark Williamson <mark.williamson@cl.cam.ac.uk> wrote:
> > Would such a thing be interesting for xen? Or would that be too evil? I
> > really missed hostfs when i switched from UML to xen.
>
> As I mentioned in my other e-mail, it would be possible to implement a fairly
> close approximation to hostfs under Xen.
>
> I'm actually working on a Xen shared filesystem (although I'm currently
> distracted with other work). This is intended as a replacement for NFS but
> implemented in a way which is highly optimised for an intra-machine sharing
> under Xen. This will make a substantially more complex implementation but
> should give way better performance and resource usage.
>
> A prototype implementation will be announced on the list when it's ready :-)

can't wait to try XenFS, Mark ;-)

regards,
aq

Re: hostfs for xen? (was: Is using w! safe to share data between domains?)
On Friday, 20.05.2005, at 15:37 +0900, aq wrote:
> On 5/20/05, Mark Williamson <mark.williamson@cl.cam.ac.uk> wrote:
> > > Would such a thing be interesting for xen? Or would that be too evil? I
> > > really missed hostfs when i switched from UML to xen.
> >
> > As I mentioned in my other e-mail, it would be possible to implement a fairly
> > close approximation to hostfs under Xen.
> >
> > I'm actually working on a Xen shared filesystem (although I'm currently
> > distracted with other work). This is intended as a replacement for NFS but
> > implemented in a way which is highly optimised for an intra-machine sharing
> > under Xen. This will make a substantially more complex implementation but
> > should give way better performance and resource usage.
> >
> > A prototype implementation will be announced on the list when it's ready :-)
>
> can't wait to try XenFS, Mark ;-)

Did i already mention that i love the xen team ;) ?

/nils.

