
Re: [Xen-API] Proposal to change committers for the XAPI Project

On 15 May 2014, at 15:56, Thomas Sanders <thomas.sanders@xxxxxxxxxx> wrote:
> I care about security. I was the tech lead for the work of getting a
> slightly customised version of XenServer 6.0.2 through Common Criteria
> certification. I'd love a chance to apply a capability-based[1] approach
> where it makes sense. We could probably use OCaml's type system to get
> more assurances of correctness than we do at present. I look forward to
> dom0 services being split out into individual service VMs or stub-
> domains.

It's really interesting to hear this.  There is an information-flow variant
of OCaml called FlowCaml [1] that could be resurrected fairly easily if
a suitable use case came up (like CC cert).

This lets the programmer understand how information is travelling across
various modules in a complex codebase.  Dave and Thomas have also been
pulling out the core logic of Xenstore into a separate Git-like database
called Irmin [2] that captures the entire provenance trace of an OCaml
program in a format that can be analysed programmatically or via the standard
Git command-line tool.

Finally, Jon's been improving the support for vchan in MirageOS to make
it easier to build communicating stub domains.  So between all these
recent advances, it could be that building a disaggregated xapi is almost
within reach.  The main task is probably to unify the Xapi database layer
with the Xenstore database, so that all the information flow is in one

[1] http://www.normalesup.org/~simonet/soft/flowcaml/
[2] https://github.com/mirage/irmin
[3] http://openmirage.org

Xen-api mailing list


