[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] Merging XenStore+MAC


> On 9 Nov 2014, at 22:26, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
> On 31 Oct 2014, at 19:24, James Bielman <jamesjb@xxxxxxxxxx> wrote:
>> Hi David,
>> On 09/09/2014 08:07 AM, David Scott wrote:
>>> On Mon, Sep 8, 2014 at 11:23 PM, James Bielman <jamesjb@xxxxxxxxxx> wrote:
>>> After some time looking at the Irmin-based Xenstore, I have a few questions:
>>> - Is the repository at https://github.com/mirage/ocaml-xenstore-server the 
>>> one I should be tracking, or is there a development repository?
>>> Yes, that's the latest one. Note it's not in a fully working state-- when 
>>> integrating irmin I unhooked a bunch of stuff so that I could refactor the 
>>> core more quickly. The following features are (temporarily) unhooked:
>>> - interdomain rings (unix domain socket still works)
>>> - ACLs
>>> - watches
>>> - Xen kernel build
>>> Now that the irmin core is working it's probably time to start re-adding 
>>> these.
>>> If you had complete freedom, what would your ideal interface be?
>> I've been looking at this merge again this week and wondering if there are 
>> any updates on getting the XenStore security features hooked up in this 
>> repository.  I'd really like to get the MAC patches into shape to be 
>> considered for merging as soon as possible into whichever Mirage-based 
>> XenStore will likely be used by the community going forward.
>> As for the interface, I have a first pass at something in this forked 
>> repository:
>>   https://github.com/GaloisInc/ocaml-xenstore-server
>> Specifically, the 'server/security.mli' module.
>> This isn't final yet, and the rest of the changes are pretty incomplete, but 
>> the general idea is to add another module parameter for a security interface 
>> (at least for MAC, maybe use it for the DAC as well?).  I'd certainly 
>> appreciate any feedback you have on this design.
> Thanks for this, James.  Any chance you could open up a pull request against 
> mirage/ocaml-xenstore-server?  That marks it as an open patch so we don't 
> have to go fork hunting.

A pull request would indeed be helpful! I had a quick read through of the 
security.mli and it looks reasonable to me (although Iâm not a security 
expert). Merging it in sooner rather than later sounds like a good idea to me.

My next xenstore-related task is to enhance the APIs of the shared-memory-ring 
module to better support restarting after a crash. Once Iâve done that Iâll try 
to tidy up the core which is still half-way through being converted to Irmin. 
Once both of those tasks are completed the core should start looking pretty 
simple â itâll only have the xenstore-specific stuff in it which should make it 
easier to read.

MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.