
Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver

On 25 Jul 2006, at 01:21, Reiner Sailer wrote:

Bryan's differentiation makes sense to me. The hooks serve different purposes:

The xm tools hook is the "usability hook" that ensures users that domains that get started actually can access their resources.

The block-backend hook is the "enforcement hook" that independently enforces access control at the time when a resource is mounted.

Right now, both hooks are in the 'large' Domain0. I can imagine that the xm create resource validation hook eventually moves into a Xen management GUI that verifies at management time if a domain configuration is "policy-conform". The block-backend hook could eventually move together with the block-backend device into a block device domain for run-time policy enforcement.

The tools hook is not just a usability/conformity check. The check ensures that the tools will not set up entries in xenstore that would allow blkback to create a non-conformant vbd. So there is no way for a guest to trick blkback into creating a non-conformant vbd: it can only connect to vbds specified in its config file or added later via the vbd-add xm hotplug command. The tools stack should perform its compliance checks on both 'xm create' and 'xm vbd-add', and that should be sufficient.

You have a point about it being nice to check things at the lowest possible level, but I'm not inclined to add extra crud into the device drivers for this unless more people scream for it. :-)

 -- Keir

Xen-devel mailing list


