[DGD] Virtualization, in the Xen or VMware sense.
bart at wotf.org
bart at wotf.org
Thu Aug 28 21:35:18 CEST 2008
Hmm, from the top of my head..
- Per VM resource limits, and having seperate resource management in each VM.
- A mechanism to connect incomming network connections to a specific VM
- Per VM object_d
- InterVM communications
I bet there is more, but it has been a few years.
On Thu, 28 Aug 2008 01:14:19 -0700, Shentino wrote
> Filenames were already on the "todo list" of things to be
> "trasnslated" ;). I was going to use the real Klib's own security
> mechanisms on home dirs to protect them from inappropriately
> accessing each other's files.
>
> Basically, a VM called "foobar" would have all of its files in
> /home/foobar, and all objects would be owned by "foobar' as far as
> the real Klib, used by the VMM, is concerned.
>
> Secondly, object based security would be handled similiarly, simply
> treating any "VM-ese" filename as a real filename with the VM
> specific prefix of /home/<vm name>.
>
> Anything "returning" a filename would be translated from the real
> filename to a stripped version meant for VM visibility. If the
> prefix doesn't match, then zomg, there's been a leakage.
>
> What could be tricky is converting the Klib into a VMM friendly
> version. Either the real klib needs amended, or the version exposed
> to the VMs needs amended. There's nomask functions in the Klib...
>
> Anyway, thanks for mentioning filenames. It is, if nothing else,
> emphasis on something I already thought of. Are there any other
> catches I need to be aware of apart from blocking driver-wide effects
> (shutdown, statedump, etc)
> ___________________________________________
> https://mail.dworkin.nl/mailman/listinfo/dgd
--
Created with Open WebMail at http://www.bartsplace.net/
Read my weblog at http://soapbox.bartsplace.net/
More information about the DGD
mailing list