Installation guide

Block device security - disk labels
The host should not use disk labels to identify file systems in the fstab file, the initrd file or
on the kernel command line (for example, root=LABEL=/). Doing so presents a security risk if less
privileged users, such as virtualized guests, have write access to whole partitions or LVM volumes.
A virtualized guest could create a file system on its own block device storage carrying a disk label
that belongs to the host. Upon the next reboot of the host, the host could then mistakenly mount the
virtualized guest's disk as a system disk, so the guest controls what the host boots and runs,
compromising the host system. Identify host file systems by device path instead.
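As an added example (not part of this guide), the following shell script audits the places the paragraph names. It flags fstab entries and kernel command lines that select a file system by label; going beyond the page, it also flags UUID= references, because a guest with write access to a partition can give its own file system any UUID just as easily as any label. The sample fstab is constructed for the demonstration, not taken from a real host.

```shell
#!/bin/sh
# Added example, not from the guide: audit host boot configuration for file
# systems identified by label (or UUID) instead of by device path.

# Print "line: text" for every non-comment fstab line whose device field is a
# LABEL= or UUID= reference.
find_label_refs() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blank lines
        $1 ~ /^(LABEL|UUID)=/ { print FNR ": " $0 }
    ' "$1"
}

# Number of offending fstab lines, as a bare integer.
count_label_refs() {
    find_label_refs "$1" | wc -l | tr -d '[:space:]'
}

# Return 0 (true) when a kernel command line selects root= by label or UUID,
# e.g. "root=LABEL=/ ro quiet". Feed it the contents of /proc/cmdline or the
# kernel line from the bootloader configuration.
cmdline_uses_label() {
    printf '%s\n' "$1" | grep -qE '(^|[[:space:]])root=(LABEL|UUID)='
}

# Write a constructed sample fstab (not a real host's) to the given path.
make_sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real system
LABEL=/                  /      ext3  defaults  1 1
/dev/sda2                /var   ext3  defaults  1 2
UUID=4d2c7b0e-1111-2222-3333-444455556666  /home  ext3  defaults  1 2
/dev/VolGroup00/LogVol01 /data  ext3  defaults  1 2
EOF
}

# Stand-alone demonstration against the constructed sample.
sample=$(mktemp)
make_sample_fstab "$sample"
echo "label/UUID references in sample fstab:"
find_label_refs "$sample"
echo "count: $(count_label_refs "$sample")"
rm -f "$sample"

if cmdline_uses_label "root=LABEL=/ ro quiet"; then
    echo "sample kernel command line selects root by label"
fi
```

On a real host run find_label_refs /etc/fstab and cmdline_uses_label "$(cat /proc/cmdline)". The initrd has to be unpacked first (for example with zcat and cpio -i into a scratch directory); its init script can then be searched for LABEL= with the same awk pattern. Every hit should be replaced by the device path or LVM volume path it resolves to.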
Block device security - whole disk access
Guests should not be given write access to whole disks or block devices (for example, /dev/sdb).
A virtualized guest with access to a whole disk can rewrite its partition table and labels, which
may let it reach other block devices on the system or plant a label that compromises the host
system. Use partitions (for example, /dev/sdb1) or LVM volumes instead, so the guest can only write
inside the region assigned to it.
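As an added example (not from this guide or from libvirt), the following shell script checks guest definitions for the mistake described above: it pulls every <source dev='...'> path out of a libvirt domain XML file and reports the ones that name a whole disk rather than a partition or an LVM volume. The domain XML is constructed for the demonstration; the whole-disk test is a path-naming heuristic for the common /dev/sd*, /dev/hd*, /dev/vd*, /dev/xvd* and /dev/disk/by-id or by-path names, which is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the guide or libvirt: flag guest disks that are
# backed by a whole block device instead of a partition or LVM volume.

# Print every <source dev='...'> path in a libvirt domain XML file.
# Assumes single-quoted attributes, as 'virsh dumpxml' emits them.
domain_source_devs() {
    sed -n "s/.*<source dev='\([^']*\)'.*/\1/p" "$1"
}

# Return 0 when the path names a whole disk (heuristic on common names):
# /dev/sdX, /dev/hdX, /dev/vdX, /dev/xvdX with no partition number, or a
# /dev/disk/by-id or by-path link without a -partN suffix. Partitions such as
# /dev/sdb1 and LVM paths such as /dev/VolGroup00/LogVol01 return 1.
is_whole_disk() {
    case "$1" in
        /dev/sd[a-z]|/dev/sd[a-z][a-z]|/dev/hd[a-z]|/dev/vd[a-z]|/dev/xvd[a-z]) return 0 ;;
        /dev/disk/by-id/*-part[0-9]*|/dev/disk/by-path/*-part[0-9]*) return 1 ;;
        /dev/disk/by-id/*|/dev/disk/by-path/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print each whole-disk source in a domain XML file; return 0 when the domain
# is clean and 1 when at least one whole disk is attached.
audit_domain_xml() {
    found=0
    for dev in $(domain_source_devs "$1"); do
        if is_whole_disk "$dev"; then
            echo "WHOLE DISK: $dev"
            found=1
        fi
    done
    return $found
}

# Number of whole-disk sources in a domain XML file, as a bare integer.
count_whole_disks() {
    audit_domain_xml "$1" | wc -l | tr -d '[:space:]'
}

# Write a constructed domain definition (not a real guest) to the given path.
make_sample_xml() {
    cat > "$1" <<'EOF'
<!-- constructed sample domain, not a real guest -->
<domain type='xen'>
  <name>guest1</name>
  <devices>
    <disk type='block' device='disk'>
      <source dev='/dev/sdb'/>
      <target dev='xvda' bus='xen'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/sdb1'/>
      <target dev='xvdb' bus='xen'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/VolGroup00/guest1_data'/>
      <target dev='xvdc' bus='xen'/>
    </disk>
  </devices>
</domain>
EOF
}

# Stand-alone demonstration against the constructed domain.
sample=$(mktemp)
make_sample_xml "$sample"
audit_domain_xml "$sample" || echo "guest has whole-disk access; use a partition or LVM volume"
rm -f "$sample"
```

On a real host, save the definition with virsh dumpxml guest1 > guest1.xml and run audit_domain_xml guest1.xml; repeat for every defined guest. A hit means the guest can rewrite the partition table of that disk.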
27.4. Deleting and removing volumes
This section shows how to delete a disk volume from a block-based storage pool. Deleting a volume
from a disk pool removes the partition and everything stored on it, so confirm that no guest is still
configured to use the volume before deleting it.
# virsh vol-delete --pool guest_images_disk volume1
Vol volume1 deleted
# virsh vol-list guest_images_disk
Name                 Path
-----------------------------------------
volume2              /dev/sdb2
volume3              /dev/sdb3
# parted -s /dev/sdb print
Model: ATA ST3500418AS (scsi)
Disk /dev/sdb: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number  Start   End     Size    File system  Name     Flags
 2      8590MB  17.2GB  8590MB               primary
 3      17.2GB  25.8GB  8590MB               primary
#
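As an added example (not from this guide or from libvirt), the following shell script wraps the deletion shown above with the check a practitioner wants first: it looks for the volume's device path in the definitions of all defined guests and refuses to delete while one still references it. The two domain definitions are constructed for the demonstration; the safe_vol_delete wrapper assumes the virsh vol-path, list --all and dumpxml subcommands and is only meant for a real host, so it is not exercised by the stand-alone run.

```shell
#!/bin/sh
# Added example, not from the guide or libvirt: make sure no defined guest
# still references a volume's device path before running 'virsh vol-delete'.

# Return 0 when any of the given domain XML files names the path as a disk
# source (printing which guests do); return 1 when none does.
path_in_use() {
    path=$1; shift
    hit=1
    for xml in "$@"; do
        [ -f "$xml" ] || continue
        if grep -qF "<source dev='$path'" "$xml"; then
            echo "$path is attached to $(basename "$xml" .xml)"
            hit=0
        fi
    done
    return $hit
}

# Write two constructed domain definitions (not real guests) into a directory:
# guest1 uses volume2 of the pool above (/dev/sdb2), guest2 uses an LVM volume.
make_sample_domains() {
    cat > "$1/guest1.xml" <<'EOF'
<domain type='xen'>
  <name>guest1</name>
  <devices>
    <disk type='block' device='disk'>
      <source dev='/dev/sdb2'/>
      <target dev='xvda' bus='xen'/>
    </disk>
  </devices>
</domain>
EOF
    cat > "$1/guest2.xml" <<'EOF'
<domain type='xen'>
  <name>guest2</name>
  <devices>
    <disk type='block' device='disk'>
      <source dev='/dev/VolGroup00/guest2_root'/>
      <target dev='xvda' bus='xen'/>
    </disk>
  </devices>
</domain>
EOF
}

# Real-host wrapper (assumes virsh is installed; not run in the demonstration):
# resolve the volume to its device path, dump every defined domain, and delete
# only if no domain references that path.
safe_vol_delete() {
    pool=$1; vol=$2
    path=$(virsh vol-path --pool "$pool" "$vol") || return 1
    tmpdir=$(mktemp -d)
    # 'virsh list --all' prints two header lines, then "Id Name State" rows.
    for dom in $(virsh list --all | awk 'NR > 2 && NF >= 2 { print $2 }'); do
        virsh dumpxml "$dom" > "$tmpdir/$dom.xml"
    done
    if path_in_use "$path" "$tmpdir"/*.xml; then
        echo "refusing to delete $vol ($path): still attached to a guest"
        rm -rf "$tmpdir"
        return 1
    fi
    rm -rf "$tmpdir"
    virsh vol-delete --pool "$pool" "$vol"
}

# Stand-alone demonstration against the constructed domains.
dir=$(mktemp -d)
make_sample_domains "$dir"
path_in_use /dev/sdb2 "$dir"/*.xml || echo "/dev/sdb2 is free to delete"
path_in_use /dev/sdb3 "$dir"/*.xml || echo "/dev/sdb3 is free to delete"
rm -rf "$dir"
```

With the constructed guests, /dev/sdb2 is reported as attached to guest1 while /dev/sdb3 is free; on a real host, safe_vol_delete guest_images_disk volume2 would therefore stop instead of removing the partition under a running guest.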