On Wednesday, 03/19/2014 at 09:36 EDT, Neale Ferguson <ne...@sinenomine.net> wrote: > Attention: > - To avoid data inconsistencies, set the DASDs offline in z/OS before you mount > them in Linux. > - Through the zdsfs file system, the whole DASDs are accessible to Linux, but > the access is not controlled by z/OS auditing mechanisms. > > To avoid security problems, you might want to dedicate the z/OS DASDs only > for providing data for Linux.
In the same way a z/VM Linux guest can read CMS files, Linux can now read MVS data for all the same reasons. Nice if you want to keep some Linux configuration data on z/OS (particularly IP configs). If you do this, you should relegate the Linux data to datasets on a separate volume that is not used for automatic dataset allocation and that is not under SMS control. This prevents dataset migration since they will appear to never be used (except when you update them), and it avoids unaudited access to datasets that are not intended for access by the Linux server. If you have traditional z/OS data that you want to share with Linux, copy it to a dataset on that separate volume. As usual, when running Linux native in an LPAR, ensure that the LPAR has access only to the specific z/OS volumes that contain the Linux data. All of the expected cautions about writing to the datasets while Linux is trying to read them applies. Hence the suggestion for the volume to be offline to MVS since z/OS is unaware of the access. Alan Altmark Senior Managing z/VM and Linux Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
