Difference between revisions of "SVirt/TODO"

From SELinux Wiki
m (Post v1.00)
(Before v1.00)
Line 22: Line 22:
 
* General OS integration
 
* General OS integration
  
* Basic storage labeling support
+
* Basic storage labeling support (investigate labeling for non-image devices, e.g. mapping UUID, HAL etc.)
  
 
* Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0).  (Check with danpb to see what the plans are here)
 
* Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0).  (Check with danpb to see what the plans are here)

Revision as of 03:51, 10 December 2008

sVirt To Do List

For v0.30

  • Fix have/with SELinux build configuration
  • Convert existing storage labeling



Before v1.00

  • MCS dynamic labeling for simple isolation
  • Security review by KVM and core virt folk
  • Review overall policy to ensure e.g. that all command-line tools are catered for, that things like memory peek don't breach the design, etc.
  • Integration with GUI tools (virt-manager etc.)
  • General OS integration
  • Basic storage labeling support (investigate labeling for non-image devices, e.g. mapping UUID, HAL etc.)
  • Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here)
  • Find owner for Fedora (dwalsh or danpb?) and add to feature wiki
  • Investigate generator.py for new API calls
  • Make autostart work properly
  • Policy for /dev/kvm (and similar)
  • Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc.
  • Placement and policy for VM log files
  • Debug integration with audit subsystem
  • Add testcases to libvirt test framework
  • Handle qemud restart



Post v1.00

  • Support for session mode (not just system mode)
  • Make DOI configurable
  • Migrate isolated domains between security models
  • Deployment of labeled appliances via virt-image etc.
  • Migration of labeled domains
  • Integration with virtual firewalling
  • Integration with Labeled Networking/IPSec/Labeled NFS
  • Extensive device labeling support