
27.3.2. Adding hard drives and other block devices to a guest

System administrators use additional hard drives to provide increased storage space for a guest, or to separate system data from user data.
Procedure 27.1. Adding physical block devices to virtualized guests
This procedure describes how to add a hard drive on the host to a virtualized guest. It applies to all physical block devices, including CD-ROM, DVD and floppy devices.
  1. Physically attach the hard disk device to the host. Configure the host if the drive is not accessible by default.
  2. Configure the device with multipath and persistence on the host if required.
  3. Use the virsh attach-disk command as below, replacing:
    # virsh attach-disk myguest /dev/sdb1 sdc --driver tap --mode readonly
    
    • myguest with the name of the guest.
    • /dev/sdb1 with the device on the host to add.
    • sdc with the location on the guest where the device should be added. It must be an unused device name.
      Use the sd* notation for Windows guests as well; the guest will recognize the device correctly.
    • Only include the --mode readonly parameter if the device should be read only to the guest.
    Additionally, there are optional arguments that may be added:
    • Append the --type hdd parameter to the command for CD-ROM or DVD devices.
    • Append the --type floppy parameter to the command for floppy devices.
  4. The guest now has a new hard disk device called /dev/sdb on Linux or D: drive, or similar, on Windows. This device may require formatting.

Block device security - disk labels

The host should not use disk labels to identify file systems in the fstab file, the initrd file or on the kernel command line. Doing so presents a security risk if less privileged users, such as virtualized guests, have write access to whole partitions or LVM volumes.
A virtualized guest could write a disk label belonging to the host to its own block device storage. Upon reboot of the host, the host could then mistakenly use the virtualized guest's disk as a system disk, compromising the host system.
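
The audit script below is an added example, not part of the original guide: it lists the host fstab entries and kernel arguments that locate a file system by label, the pattern warned against above. The function names and the sample fstab and kernel command line are constructed for illustration, and the script also treats /dev/disk/by-label/ paths as label references.

```sh
#!/bin/sh
# Added example (not from the original guide): flag host file systems that
# are located by disk label, which a guest with write access can forge.

# audit_fstab [FILE]: print every fstab entry whose device field is
# LABEL=... or a /dev/disk/by-label/ symlink. Reads stdin if FILE is omitted.
audit_fstab() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        $1 ~ /^LABEL=/ || $1 ~ /^\/dev\/disk\/by-label\// {
            printf "fstab:%d: %s on %s\n", NR, $1, $2
        }
    ' "${1:--}"
}

# audit_cmdline STRING: print every kernel argument (root=, resume=, ...)
# whose value is a label reference.
audit_cmdline() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | awk '
        /^[^=]+=(LABEL=|\/dev\/disk\/by-label\/)/ { print "cmdline: " $0 }
    '
}

# Constructed sample input. On a real host, run instead:
#   audit_fstab /etc/fstab; audit_cmdline "$(cat /proc/cmdline)"
SAMPLE_FSTAB='# /etc/fstab (constructed)
LABEL=/                   /      ext3  defaults  1 1
LABEL=/boot               /boot  ext3  defaults  1 2
/dev/VolGroup00/LogVol00  /var   ext3  defaults  1 2
/dev/VolGroup00/LogVol01  swap   swap  defaults  0 0
/dev/disk/by-label/data   /srv   ext3  defaults  1 2'
SAMPLE_CMDLINE='ro root=LABEL=/ rhgb quiet'

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
audit_cmdline "$SAMPLE_CMDLINE"
```

Each reported entry is a candidate for replacement with a device path the guest cannot influence, such as an LVM volume path. The initrd is not inspected by this script and needs a separate check.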

Block device security - whole disk access

Guests should not be given write access to whole disks or block devices (for example, /dev/sdb). Virtualized guests with access to block devices may be able to access other block devices on the system or modify volume labels which can be used to compromise the host system. Use partitions (for example, /dev/sdb1) or LVM volumes to prevent this issue.

 
 
Published under the terms of the Creative Commons License