SVirt/TODO
From SELinux Wiki
(Difference between revisions)
| Revision as of 00:47, 10 December 2008 JamesMorris (→Before v1.00) |
Revision as of 00:48, 10 December 2008 JamesMorris m (→Before v1.00) |
| Line 12: | Line 12: | ||
| === Before v1.00 === | === Before v1.00 === | ||
| - | * MCS dynamic labeling for simple isolation | + | * MCS dynamic labeling for simple isolation |
| - | * Security review by KVM and core virt folk | + | * Security review by KVM and core virt folk |
| * Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc. | * Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc. | ||
| Line 20: | Line 20: | ||
| * Integration with GUI tools (virt-manager etc.) | * Integration with GUI tools (virt-manager etc.) | ||
| - | * General OS integration | + | * General OS integration |
| - | * Basic storage labeling support | + | * Basic storage labeling support |
| - | * Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here) | + | * Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here) |
| - | * Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki | + | * Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki |
| - | * Investigate generator.py for new API calls | + | * Investigate generator.py for new API calls |
| - | * Make autostart work properly | + | * Make autostart work properly |
| - | * Policy for /dev/kvm (and similar) | + | * Policy for /dev/kvm (and similar) |
| * Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc. | * Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc. | ||
| - | * Placement and policy for VM log files | + | * Placement and policy for VM log files |
| - | * Debug integration with audit subsystem | + | * Debug integration with audit subsystem |
| - | * Add testcases to libvirt test framework | + | * Add testcases to libvirt test framework |
| - | * Handle qemud restart | + | * Handle qemud restart |
Revision as of 00:48, 10 December 2008
sVirt To Do List
For v0.30
- Fix have/with SELinux build configuration
- Convert existing storage labeling
Before v1.00
- MCS dynamic labeling for simple isolation
- Security review by KVM and core virt folk
- Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc.
- Integration with GUI tools (virt-manager etc.)
- General OS integration
- Basic storage labeling support
- Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here)
- Find owner for Fedora (dwalsh or danpb?) and add to feature wiki
- Investigate generator.py for new API calls
- Make autostart work properly
- Policy for /dev/kvm (and similar)
- Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc.
- Placement and policy for VM log files
- Debug integration with audit subsystem
- Add testcases to libvirt test framework
- Handle qemud restart
Post v1.00
- Support for session mode (not just system mode).
- Make DOI configurable.
- Migrate isolated domains between security models.
- Deployment of labeled appliances via virt-image etc.
- Migration of labeled domains.
- Integration with virtual firewalling.
- Integration with Labeled Networking/IPSec/Labeled NFS.
- Extensive device labeling support.
