WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkb

To: Reiner Sailer <sailer@xxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Tue, 25 Jul 2006 10:53:05 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, Bryan D Payne <bdpayne@xxxxxxxxxx>
Delivery-date: Tue, 25 Jul 2006 02:53:28 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <OFBCD03923.2A3751C2-ON852571B6.0000084B-852571B6.0001F1C1@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <OFBCD03923.2A3751C2-ON852571B6.0000084B-852571B6.0001F1C1@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On 25 Jul 2006, at 01:21, Reiner Sailer wrote:

Bryan's differentiation makes sense to me. The hooks serve different purposes:

The xm tools hook is the "usability hook" that ensures users that domains that get started actually can access their resources.

The block-backend hook is the "enforcement hook" that independently enforces access control at the time when a resource is mounted.

Right now, both hooks are in the 'large' Domain0. I can imagine that the xm create resource validation hook eventually moves into a Xen management GUI that verifies at management time if a domain configuration is "policy-conform". The block-backend hook could eventually move together with the block-backend device into a block device domain for run-time policy enforcement.

The tools hook is not just a usability/conformity check. The check ensures that the tools will not set up entries in xenstore that would allow blkback to create a non-conformant vbd. So there is no way for a guest to trick blkback into creating a non-conformant vbd: it can only connect to vbds specified in its config file or added later via the vbd-add xm hotplug command. The tools stack should perform its compiance checks on both 'xm create' and 'xm vbd-add', and that should be sufficient.

You have a point about it being nice to check things at the lowest possible level, but I'm not inclined to add extra crud into the device drivers for this unless more people scream for it. :-)

 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>