SVirt/TODO
From SELinux Wiki
Revision as of 00:47, 10 December 2008 by JamesMorris (Talk | contribs)
sVirt To Do List
For v0.30
- Fix have/with SELinux build configuration
- Convert existing storage labeling
Before v1.00
- MCS dynamic labeling for simple isolation.
- Security review by KVM and core virt folk.
- Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc.
- Integration with GUI tools (virt-manager etc.)
- General OS integration.
- Basic storage labeling support.
- Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here).
- Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki.
- Investigate generator.py for new API calls.
- Make autostart work properly.
- Policy for /dev/kvm (and similar).
- Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc.
- Placement and policy for VM log files.
- Debug integration with audit subsystem.
- Add testcases to libvirt test framework.
- Handle qemud restart.
Post v1.00
- Support for session mode (not just system mode).
- Make DOI configurable.
- Migrate isolated domains between security models.
- Deployment of labeled appliances via virt-image etc.
- Migration of labeled domains.
- Integration with virtual firewalling.
- Integration with Labeled Networking/IPSec/Labeled NFS.
- Extensive device labeling support.