Hi,all A instance was created by virsh command in the CentOS 6.4.
The LUN in the Storage Array Network(SAN) was attached to the instance with the
following xml.
<disk type='block' device='lun'>
<driver name='qemu' type='raw' cache='none'/>
<source dev='/dev/mapper/360022a110000ecba5db427db00000023'/>
<target dev='vdb' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06'
function='0x0'/>
</disk>
<controller type='scsi' model='virtio-scsi'/>
A scsi report command was executed in the instance, for example "sg_luns
/dev/vdb". However, It returned the list of the Luns in the SAN.
1) The unrelated luns in the SAN were not isolated in the instance.
[root@localhost ~]# sg_luns /dev/vdb
Lun list length = 80 which imples 10 lun entries
Report luns [select_report=0]:
0000000000000000
0001000000000000
0002000000000000
0003000000000000
0004000000000000
0005000000000000
0006000000000000
0007000000000000
0008000000000000
0009000000000000
[root@localhost ~]#sg_map
Stopping because no sg device found
[root@localhost ~]#
[root@localhost ~]#
[cid:[email protected]]
2) The report lun command in the physical server:
[root@qixiaozhen sdb]# sg_luns /dev/mapper/360022a110000ecba5db427db00000023
Lun list length = 80 which imples 10 lun entries
Report luns [select_report=0x0]:
0000000000000000
0001000000000000
0002000000000000
0003000000000000
0004000000000000
0005000000000000
0006000000000000
0007000000000000
0008000000000000
0009000000000000
[root@qixiaozhen sdb]#
Is there any security problem if the report lun command was not isolated ?
Sincerely,
Qi
-----------------------------------------------------------
Xiaozhen Qi
Huawei Technologies Co.,LTD.
IT Product Line CloudOS PDU
China, Xi'an
Mobile: +86-13609283376
Email: [email protected]
<<inline: image009.png>>
