Difference between revisions of "SVirt/TODO"
From SELinux Wiki
JamesMorris (Talk | contribs) m (→Before v1.00) |
JamesMorris (Talk | contribs) m (→Post v1.00) |
||
Line 49: | Line 49: | ||
=== Post v1.00 === | === Post v1.00 === | ||
− | * Support for session mode (not just system mode) | + | * Support for session mode (not just system mode) |
− | * Make DOI configurable | + | * Make DOI configurable |
− | * Migrate isolated domains between security models | + | * Migrate isolated domains between security models |
* Deployment of labeled appliances via virt-image etc. | * Deployment of labeled appliances via virt-image etc. | ||
− | * Migration of labeled domains | + | * Migration of labeled domains |
− | * Integration with virtual firewalling | + | * Integration with virtual firewalling |
− | * Integration with Labeled Networking/IPSec/Labeled NFS | + | * Integration with Labeled Networking/IPSec/Labeled NFS |
− | * Extensive device labeling support | + | * Extensive device labeling support |
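Review bot: In the "Post v1.00" hunk, seven of the eight list items are shown as removed and re-added with identical text, so the rendered diff carries no visible change, and the minor-edit summaries name only the sections (→Before v1.00, →Post v1.00). Suggest stating in the edit summary what was actually altered so the revision history of this to-do list stays reviewable.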
Revision as of 00:52, 10 December 2008
sVirt To Do List
For v0.30
- Fix have/with SELinux build configuration
- Convert existing storage labeling
Before v1.00
- MCS dynamic labeling for simple isolation
- Security review by KVM and core virt folk
- Review overall policy to ensure, e.g., that all command-line tools are catered for and that things like memory peek don't breach the design.
- Integration with GUI tools (virt-manager etc.)
- General OS integration
- Basic storage labeling support
- Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here)
- Find owner for Fedora (dwalsh or danpb?) and add to feature wiki
- Investigate generator.py for new API calls
- Make autostart work properly
- Policy for /dev/kvm (and similar)
- Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc.
- Placement and policy for VM log files
- Debug integration with audit subsystem
- Add testcases to libvirt test framework
- Handle qemud restart
Post v1.00
- Support for session mode (not just system mode)
- Make DOI configurable
- Migrate isolated domains between security models
- Deployment of labeled appliances via virt-image etc.
- Migration of labeled domains
- Integration with virtual firewalling
- Integration with Labeled Networking/IPSec/Labeled NFS
- Extensive device labeling support