Re: [MirageOS-devel] Merging XenStore+MAC

[James Bielman <jamesjb@xxxxxxxxxx>]

Hi David,

On 09/09/2014 08:07 AM, David Scott wrote:

On Mon, Sep 8, 2014 at 11:23 PM, James Bielman <jamesjb@xxxxxxxxxx> wrote:

After some time looking at the Irmin-based Xenstore, I have a few questions:

- Is the repository at https://github.com/mirage/ocaml-xenstore-server the one I should be tracking, or is there a development repository?

Yes, that's the latest one. Note it's not in a fully working state-- when integrating irmin I unhooked a bunch of stuff so that I could refactor the core more quickly. The following features are (temporarily) unhooked:

- interdomain rings (unix domain socket still works)

- ACLs

- watches

- Xen kernel build

Now that the irmin core is working it's probably time to start re-adding these.

If you had complete freedom, what would your ideal interface be?

I've been looking at this merge again this week and wondering if there are any updates on getting the XenStore security features hooked up in this repository. I'd really like to get the MAC patches into shape to be considered for merging as soon as possible into whichever Mirage-based XenStore will likely be used by the community going forward.

As for the interface, I have a first pass at something in this forked repository:

 https://github.com/GaloisInc/ocaml-xenstore-server

Specifically, the 'server/security.mli' module.

This isn't final yet, and the rest of the changes are pretty incomplete, but the general idea is to add another module parameter for a security interface (at least for MAC, maybe use it for the DAC as well?). I'd certainly appreciate any feedback you have on this design.

Thanks!
James

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel