[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MirageOS-devel] Merging XenStore+MAC

Hi all,

I'm doing some investigation into what it will take to merge our XenStore mandatory access control patches into the latest Mirage XenStore code base. My plan is to first submit a proposed interface for security modules to XenStore, pushing as much as possible into the external Flask module to keep the patch size down.

After some time looking at the Irmin-based Xenstore, I have a few questions:

- Is the repository at https://github.com/mirage/ocaml-xenstore-server the one I should be tracking, or is there a development repository?

- I've been unable to compile a standalone Xen kernel because "mirage-xen" wants to install "xenstore" via OPAM, which conflicts with "ocaml-xenstore-server". Should that be working? Do I need to update to Mirage 2.x?

- I see some code that appears to support mounting virtual trees of some sort (in server/mount.ml), but it doesn't seem to be used currently? One feature I need to do this integration is a virtual "/label" tree for reading/writing nodes security labels. What is the best way to implement a virtual subtree like this currently?

- Likewise, I see code doing DAC checks in some modules, but those modules don't appear to be included in the build. Am I missing something or is the current version not performing access checks? Perhaps because the interdomain transport isn't being used?


MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.