[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver
On Wed, 2006-07-26 at 18:51 -0400, Reiner Sailer wrote: > > > > > > So basically, the xenstore++ is in a stripped down secured domain > and > > someone with role-based access privileges communicates with xenstore > ++ > > to connect a resource to a domain. Xenstore++ checks the > permissions > > and sets up the connection where the protocol description to use is > an > > attribute of the resource class. The protocol is policed and if > it's > > violated then either the resource provider (BE) or consumer (FE) or > both > > get blown away. > > > > There can be generic mechanisms in xenstore++ for colouring > resources > > and grouping roles etc to do fancy MAC stuff. > > > > > > ...or something like that. > > > > Harry. > > > > Hmm... this is not how I see xenstore today. Did you discuss what it > takes to implement the "++"? > (especially the part where you suggest moving xenstore in its on > secured domain sounds very interesting) No. I didn't discuss what it would take to implement it. Personally I'd start by defining a fault-tolerant cluster architecture and then build it inside that. That would be a fair bit of work up-front but I think a lot of the significant use-cases demand it and it would have a discriminating impact on the implementation. > > Would this be a non-intrusive change to Xen? Probably not with my approach :-) > > Reiner _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |