Bug 723023

Summary: Dom0 is able to map all the LVM structure when a domU creates a new PV in a block device without a partition table
Product: Red Hat Enterprise Linux 5
Component: xen
Version: 5.6
Hardware: All
OS: Linux
Status: CLOSED NOTABUG
Severity: medium
Priority: unspecified
Target Milestone: rc
Reporter: Raul Cheleguini <rcheleguini>
Assignee: Xen Maintainance List <xen-maint>
QA Contact: Virtualization Bugs <virt-bugs>
CC: akaiser, drjones, jmunilla, leiwang, pcao, qwan, xen-maint
Doc Type: Bug Fix
Last Closed: 2011-07-19 07:20:02 UTC

Description Raul Cheleguini 2011-07-18 18:51:25 UTC
Description of problem:

Dom0 is able to map all the LVM structure when a domU creates a new PV in a block device without a partition table.

Version-Release number of selected component (if applicable):

Tests performed in the following environment:

dom0:

xen ~]# uname -a
Linux rchelegu-xen 2.6.18-238.12.1.el5xen #1 SMP Sat May 7 20:38:04 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
xen ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.6 (Tikanga)
xen ~]# rpm -q xen
xen-3.0.3-120.el5_6.2
xen ~]# rpm -q lvm2
lvm2-2.02.74-5.el5

How reproducible:

Always.

Steps to Reproduce:

1. Create a new domU;
2. Associate a logical volume to this domU;
3. In domU environment, create a new Physical Volume (pvcreate) without a partition table (fdisk).
  
Actual results:

dom0 is able to map the LVM structure, as in the example below:

xen ~]# xm list
Name                                      ID Mem(MiB) VCPUs State   Time(s)
Domain-0                                   0     1480     4 r-----  23332.1
rhel5-paravirt                             9      511     2 -b----     56.7
xen ~]# vgs -o +uuid
  VG         #PV #LV #SN Attr   VSize    VFree   VG UUID                               
  VolGroup00   2   4   0 wz--n-   19.84G   2.03G UOiFFZ-ZgZw-UcVF-Sqck-46zS-0GH6-f8X53T
  domU-vg      1   1   0 wz--n- 1020.00M 764.00M tVd2YI-PI7P-teyT-oHyf-hZS5-Nqcz-iQXabm

xen ~]# xm console rhel5-paravirt

Red Hat Enterprise Linux Server release 5.5 (Tikanga)
Kernel 2.6.18-194.el5xen on an x86_64

localhost.localdomain login: root
Password: 
Last login: Mon Jul 18 13:40:53 on tty1
[root@localhost ~]# vgs -o +uuid
  VG         #PV #LV #SN Attr   VSize    VFree   VG UUID                               
  VolGroup00   1   2   0 wz--n-    2.81G      0  JfBYRf-luaU-zxft-DdW0-fBRH-mZLI-tdphRV
  domU-vg      1   1   0 wz--n- 1020.00M 764.00M tVd2YI-PI7P-teyT-oHyf-hZS5-Nqcz-iQXabm

xen ~]# cat /etc/xen/rhel5-paravirt 
name = "rhel5-paravirt"
uuid = "36efabdd-f7a8-8d8b-d755-f0c9e5287a75"
maxmem = 512
memory = 512
vcpus = 2
bootloader = "/usr/bin/pygrub"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
vfb = [ "type=vnc,vncunused=1,keymap=en-us" ]
disk = [ "phy:/dev/mapper/VolGroup00-rhel5--00,xvda,w", "phy:/dev/mapper/VolGroup00-rhel5--01,xvdb,w" ]
vif = [ "mac=00:16:36:5e:5b:61,bridge=virbr0,script=vif-bridge" ]

Expected results:

For security reasons, dom0 should not be able to view the domU metadata.
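
Added example, not part of the original report or of the xen/lvm2 code: a presence check for the LVM2 PV label, which LVM2 looks for only in the first four 512-byte sectors of a device. It shows why a PV created directly on the guest's disk is picked up by a scan of the backing logical volume in dom0, while a PV inside a partition is not; the function names, the constructed disk images and the partition start at sector 63 are assumptions made for the illustration.

```python
import struct

SECTOR = 512
LABEL_SCAN_SECTORS = 4  # LVM2 searches only the first four sectors of a device

def find_lvm2_label(buf):
    """Return (sector, pv_uuid) if an LVM2 PV label is in the scan area, else None.

    The label CRC is not verified here; this is a presence check only.
    """
    for sector in range(LABEL_SCAN_SECTORS):
        hdr = buf[sector * SECTOR:(sector + 1) * SECTOR]
        if len(hdr) < SECTOR or hdr[:8] != b"LABELONE":
            continue
        # label_header: id[8], sector (u64 LE), crc (u32), offset (u32), type[8]
        _sector_no, _crc, offset = struct.unpack_from("<QII", hdr, 8)
        if hdr[24:32] != b"LVM2 001" or offset + 32 > SECTOR:
            continue
        raw = hdr[offset:offset + 32].decode("ascii", "replace")
        # Same 6-4-4-4-4-4-6 grouping that pvs/vgs print
        cuts = (0, 6, 10, 14, 18, 22, 26, 32)
        return sector, "-".join(raw[a:b] for a, b in zip(cuts, cuts[1:]))
    return None

def make_label(sector_no, uuid32):
    """Build one constructed label sector (CRC left as zero)."""
    hdr = b"LABELONE" + struct.pack("<QII", sector_no, 0, 32) + b"LVM2 001"
    return (hdr + uuid32.encode("ascii")).ljust(SECTOR, b"\0")

def image(label_at, total=128):
    """Constructed disk image of `total` sectors with a PV label at sector `label_at`."""
    disk = bytearray(total * SECTOR)
    disk[label_at * SECTOR:(label_at + 1) * SECTOR] = make_label(1, "A" * 32)
    return bytes(disk)

# Constructed inputs: a bare PV (label at sector 1 of the device) and a PV inside
# a partition assumed to start at sector 63 (label at sector 64 of the device).
BARE_PV = image(label_at=1)
PARTITIONED = image(label_at=64)

if __name__ == "__main__":
    for name, img in (("bare PV", BARE_PV), ("PV in partition", PARTITIONED)):
        print(name, "->", find_lvm2_label(img))
```

To check a real backing device from dom0, pass `find_lvm2_label` the first 2048 bytes read from it.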