Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver

On Wed, 2006-07-26 at 18:51 -0400, Reiner Sailer wrote:
> >
> > So basically, the xenstore++ is in a stripped down secured domain and
> > someone with role-based access privileges communicates with xenstore++
> > to connect a resource to a domain.  Xenstore++ checks the permissions
> > and sets up the connection where the protocol description to use is an
> > attribute of the resource class.  The protocol is policed and if it's
> > violated then either the resource provider (BE) or consumer (FE) or both
> > get blown away.
> >
> > There can be generic mechanisms in xenstore++ for colouring resources
> > and grouping roles etc to do fancy MAC stuff.
> >
> >
> > ...or something like that.
> >
> > Harry.
> >
> Hmm... this is not how I see xenstore today. Did you discuss what it
> takes to implement the "++"? 
> (especially the part where you suggest moving xenstore in its own
> secured domain sounds very interesting) 

No.  I didn't discuss what it would take to implement it.

Personally I'd start by defining a fault-tolerant cluster architecture
and then build it inside that.  That would be a fair bit of work
up-front but I think a lot of the significant use-cases demand it and it
would have a discriminating impact on the implementation.

> Would this be a non-intrusive change to Xen? 

Probably not with my approach :-)

> Reiner 
