Difference between revisions of "SVirt/TODO"
From SELinux Wiki
JamesMorris (Talk | contribs) |
JamesMorris (Talk | contribs) (→For v0.30) |
||
(41 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
=== For v0.30 === | === For v0.30 === | ||
+ | * <s>Fix SELinux build configuration</s> | ||
+ | * <s>Simplify qemudNodeGetSecurityModel</s> | ||
+ | * <s>Add "test" security driver</s> | ||
+ | * <s>Fix security driver probe logic</s> | ||
+ | * <s>Ensure VIR_CONNECT_RO checked where appropriate</s> | ||
− | + | ==== (via feedback from v0.20) ==== | |
− | + | ||
+ | * <s>Move security model/doi to last fields in virsh dominfo</s> | ||
+ | * <s>Change virDomainSecLabel -> virSecurityLabel</s> | ||
+ | ** <s>similar change to API calls</s> | ||
+ | * <s>Change virDomainSecModel -> virSecurityModel</s> | ||
+ | ** <s>similar change to API calls</s> | ||
+ | ** <s>general renaming then of seclabel to security</s> | ||
+ | * <s>Use CHECK_LIB/HEADER to detect libselinux (and fix build system in general)</s> | ||
+ | * <s>Rename virDomainGetSecModel to virNodeGetSecurityModel</s> | ||
+ | * <s>''Integrate model into SecurityLabel (in case node config differs) ?'' [n/a]</s> | ||
+ | * <s>Change -2 error returns to -1</s> | ||
+ | * <s>Use remoteDispatchOOMError() for OOM errors</s> | ||
+ | * <s>Create virXPathStringLimit() from virDomainSecLabelDefParseXMLString()</s> | ||
+ | |||
+ | ---- | ||
+ | |||
+ | === For v0.40 === | ||
+ | * MCS dynamic labeling for simple isolation | ||
---- | ---- | ||
Line 12: | Line 33: | ||
=== Before v1.00 === | === Before v1.00 === | ||
− | * | + | * Convert existing storage labeling |
− | * | + | * Move libvirt symbols to public API before merge. |
− | * Review overall policy to ensure e.g. all command-line tools catered for, things memory peek don't breach design etc. | + | * Identify which tools and related docs need to be made sVirt-aware |
+ | |||
+ | * Security review by KVM and core virt folk | ||
+ | |||
+ | * Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc. | ||
+ | |||
+ | * Policy for save/dump/restore | ||
* Integration with GUI tools (virt-manager etc.) | * Integration with GUI tools (virt-manager etc.) | ||
− | * General OS integration | + | * General OS integration |
− | * Basic storage labeling support. | + | * Basic storage labeling support (investigate labeling for non-image devices, e.g. mapping UUID, HAL etc.) |
+ | ** Possibly include context-mount labeling of NFS bind mounts for remote images | ||
− | * Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here) | + | * Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here) |
− | * Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki | + | * Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki |
− | * Investigate generator.py for new API calls | + | * Investigate generator.py for new API calls |
− | * Make autostart work properly | + | * Make autostart work properly |
− | * Policy for /dev/kvm (and similar) | + | * Policy for /dev/kvm (and similar) |
* Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc. | * Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc. | ||
− | * Placement and policy for VM log files | + | * Placement and policy for VM log files |
− | * Debug integration with audit subsystem | + | * Debug integration with audit subsystem |
− | * Add testcases to libvirt test framework | + | * Add testcases to libvirt test framework |
+ | ** Expand "test" security driver | ||
− | * Handle qemud restart | + | * Handle qemud restart |
+ | * Integration with oVirt ? | ||
+ | |||
+ | * libvirtd config: require enforcing mode option ? | ||
+ | |||
+ | * Do we need MAC policy for defining and undefining domains? | ||
---- | ---- | ||
Line 49: | Line 83: | ||
=== Post v1.00 === | === Post v1.00 === | ||
− | * Support for session mode (not just system mode) | + | * Support for session mode (not just system mode) |
+ | ** Integrate with RBAC/UBAC ? | ||
− | * Make DOI configurable | + | * Make DOI configurable |
− | * Migrate isolated domains between security models | + | * Migrate isolated domains between security models |
* Deployment of labeled appliances via virt-image etc. | * Deployment of labeled appliances via virt-image etc. | ||
− | * Migration of labeled domains. | + | * Migration of labeled domains |
+ | |||
+ | * Integration with virtual firewalling | ||
+ | |||
+ | * Integration with Labeled Networking/IPSec/Labeled NFS (e.g. use of overlay VPNs for networks on host) | ||
+ | |||
+ | * Extensive device labeling support | ||
+ | ** Labeling for all kinds of devices | ||
+ | ** Boot from network storage | ||
− | * | + | * Strong binding of resources to domains, via e.g. crypto, TPM, vTPM etc. |
− | * | + | * Support virtualization in policy generation wizard |
− | * | + | * Support for other security models (SMACK) |
Latest revision as of 06:40, 13 January 2009
Contents
sVirt To Do List
For v0.30
-
Fix SELinux build configuration -
Simplify qemudNodeGetSecurityModel -
Add "test" security driver -
Fix security driver probe logic -
Ensure VIR_CONNECT_RO checked where appropriate
(via feedback from v0.20)
-
Move security model/doi to last fields in virsh dominfo -
Change virDomainSecLabel -> virSecurityLabel-
similar change to API calls
-
-
Change virDomainSecModel -> virSecurityModel-
similar change to API calls -
general renaming then of seclabel to security
-
-
Use CHECK_LIB/HEADER to detect libselinux (and fix build system in general) -
Rename virDomainGetSecModel to virNodeGetSecurityModel -
Integrate model into SecurityLabel (in case node config differs) ? [n/a] -
Change -2 error returns to -1 -
Use remoteDispatchOOMError() for OOM errors -
Create virXPathStringLimit() from virDomainSecLabelDefParseXMLString()
For v0.40
- MCS dynamic labeling for simple isolation
Before v1.00
- Convert existing storage labeling
- Move libvirt symbols to public API before merge.
- Identify which tools and related docs need to be made sVirt-aware
- Security review by KVM and core virt folk
- Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc.
- Policy for save/dump/restore
- Integration with GUI tools (virt-manager etc.)
- General OS integration
- Basic storage labeling support (investigate labeling for non-image devices, e.g. mapping UUID, HAL etc.)
- Possibly include context-mount labeling of NFS bind mounts for remote images
- Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here)
- Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki
- Investigate generator.py for new API calls
- Make autostart work properly
- Policy for /dev/kvm (and similar)
- Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc.
- Placement and policy for VM log files
- Debug integration with audit subsystem
- Add testcases to libvirt test framework
- Expand "test" security driver
- Handle qemud restart
- Integration with oVirt ?
- libvirtd config: require enforcing mode option ?
- Do we need MAC policy for defining and undefining domains?
Post v1.00
- Support for session mode (not just system mode)
- Integrate with RBAC/UBAC ?
- Make DOI configurable
- Migrate isolated domains between security models
- Deployment of labeled appliances via virt-image etc.
- Migration of labeled domains
- Integration with virtual firewalling
- Integration with Labeled Networking/IPSec/Labeled NFS (e.g. use of overlay VPNs for networks on host)
- Extensive device labeling support
- Labeling for all kinds of devices
- Boot from network storage
- Strong binding of resources to domains, via e.g. crypto, TPM, vTPM etc.
- Support virtualization in policy generation wizard
- Support for other security models (SMACK)