Xen project Mailing List

Re: [MirageOS-devel] Merging XenStore+MAC

To: Anil Madhavapeddy <anil@xxxxxxxxxx>

From: Dave Scott <Dave.Scott@xxxxxxxxxx>

Date: Mon, 10 Nov 2014 15:41:21 +0000

Accept-language: en-GB, en-US

Cc: "mirageos-devel@xxxxxxxxxxxxxxxxxxxx" <mirageos-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 10 Nov 2014 15:41:29 +0000

List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

Thread-index: AQHPy7OisVGVUxbzwU+SvMcVv95pRpv4xpAAgFIR+4CADle7gIABIRsA

Thread-topic: [MirageOS-devel] Merging XenStore+MAC

HI, > On 9 Nov 2014, at 22:26, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote: > > On 31 Oct 2014, at 19:24, James Bielman <jamesjb@xxxxxxxxxx> wrote: >> >> Hi David, >> >> On 09/09/2014 08:07 AM, David Scott wrote: >>> >>> On Mon, Sep 8, 2014 at 11:23 PM, James Bielman <jamesjb@xxxxxxxxxx> wrote: >>> >>> After some time looking at the Irmin-based Xenstore, I have a few questions: >>> >>> - Is the repository at https://github.com/mirage/ocaml-xenstore-server the >>> one I should be tracking, or is there a development repository? >>> >>> Yes, that's the latest one. Note it's not in a fully working state-- when >>> integrating irmin I unhooked a bunch of stuff so that I could refactor the >>> core more quickly. The following features are (temporarily) unhooked: >>> >>> - interdomain rings (unix domain socket still works) >>> - ACLs >>> - watches >>> - Xen kernel build >>> >>> Now that the irmin core is working it's probably time to start re-adding >>> these. >>> >>> If you had complete freedom, what would your ideal interface be? >>> >> >> I've been looking at this merge again this week and wondering if there are >> any updates on getting the XenStore security features hooked up in this >> repository. I'd really like to get the MAC patches into shape to be >> considered for merging as soon as possible into whichever Mirage-based >> XenStore will likely be used by the community going forward. >> >> As for the interface, I have a first pass at something in this forked >> repository: >> >> https://github.com/GaloisInc/ocaml-xenstore-server >> >> Specifically, the 'server/security.mli' module. >> >> This isn't final yet, and the rest of the changes are pretty incomplete, but >> the general idea is to add another module parameter for a security interface >> (at least for MAC, maybe use it for the DAC as well?). I'd certainly >> appreciate any feedback you have on this design. > > Thanks for this, James. Any chance you could open up a pull request against > mirage/ocaml-xenstore-server? That marks it as an open patch so we don't > have to go fork hunting. A pull request would indeed be helpful! I had a quick read through of the security.mli and it looks reasonable to me (although Iâm not a security expert). Merging it in sooner rather than later sounds like a good idea to me. My next xenstore-related task is to enhance the APIs of the shared-memory-ring module to better support restarting after a crash. Once Iâve done that Iâll try to tidy up the core which is still half-way through being converted to Irmin. Once both of those tasks are completed the core should start looking pretty simple â itâll only have the xenstore-specific stuff in it which should make it easier to read. Cheers, Dave _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.