Difference between revisions of "SVirt/TODO"

From SELinux Wiki
(Before v1.00)
(For v0.30)
 
(33 intermediate revisions by the same user not shown)
Line 3: Line 3:
  
 
=== For v0.30 ===
 
=== For v0.30 ===
 +
* <s>Fix SELinux build configuration</s>
 +
* <s>Simplify qemudNodeGetSecurityModel</s>
 +
* <s>Add "test" security driver</s>
 +
* <s>Fix security driver probe logic</s>
 +
* <s>Ensure VIR_CONNECT_RO checked where appropriate</s>
  
* Fix have/with SELinux build configuration
+
==== (via feedback from v0.20) ====
* Convert existing storage labeling
+
  
 +
* <s>Move security model/doi to last fields in virsh dominfo</s>
 +
* <s>Change virDomainSecLabel -> virSecurityLabel</s>
 +
** <s>similar change to API calls</s>
 +
* <s>Change virDomainSecModel -> virSecurityModel</s>
 +
** <s>similar change to API calls</s>
 +
** <s>general renaming then of seclabel to security</s>
 +
* <s>Use CHECK_LIB/HEADER to detect libselinux (and fix build system in general)</s>
 +
* <s>Rename virDomainGetSecModel to virNodeGetSecurityModel</s>
 +
* <s>''Integrate model into SecurityLabel (in case node config differs) ?''  [n/a]</s>
 +
* <s>Change -2 error returns to -1</s>
 +
* <s>Use remoteDispatchOOMError() for OOM errors</s>
 +
* <s>Create virXPathStringLimit() from virDomainSecLabelDefParseXMLString()</s>
 +
 +
----
 +
 +
=== For v0.40 ===
 +
* MCS dynamic labeling for simple isolation
  
 
----
 
----
Line 12: Line 33:
 
=== Before v1.00 ===
 
=== Before v1.00 ===
  
* MCS dynamic labeling for simple isolation
+
* Convert existing storage labeling
 +
 
 +
* Move libvirt symbols to public API before merge.
 +
 
 +
* Identify which tools and related docs need to be made sVirt-aware
  
 
* Security review by KVM and core virt folk
 
* Security review by KVM and core virt folk
  
 
* Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc.
 
* Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc.
 +
 +
* Policy for save/dump/restore
  
 
* Integration with GUI tools (virt-manager etc.)
 
* Integration with GUI tools (virt-manager etc.)
Line 42: Line 69:
  
 
* Add testcases to libvirt test framework
 
* Add testcases to libvirt test framework
 +
** Expand "test" security driver
  
 
* Handle qemud restart
 
* Handle qemud restart
  
 +
* Integration with oVirt ?
 +
 +
* libvirtd config: require enforcing mode option ?
 +
 +
* Do we need MAC policy for defining and undefining domains?
  
 
----
 
----
Line 51: Line 84:
  
 
* Support for session mode (not just system mode)
 
* Support for session mode (not just system mode)
 +
** Integrate with RBAC/UBAC ?
  
 
* Make DOI configurable
 
* Make DOI configurable
Line 69: Line 103:
  
 
* Strong binding of resources to domains, via e.g. crypto, TPM, vTPM etc.
 
* Strong binding of resources to domains, via e.g. crypto, TPM, vTPM etc.
 +
 +
* Support virtualization in policy generation wizard
 +
 +
* Support for other security models (SMACK)

Latest revision as of 06:40, 13 January 2009

sVirt To Do List

For v0.30

  • Fix SELinux build configuration
  • Simplify qemudNodeGetSecurityModel
  • Add "test" security driver
  • Fix security driver probe logic
  • Ensure VIR_CONNECT_RO checked where appropriate

(via feedback from v0.20)

  • Move security model/doi to last fields in virsh dominfo
  • Change virDomainSecLabel -> virSecurityLabel
    • similar change to API calls
  • Change virDomainSecModel -> virSecurityModel
    • similar change to API calls
    • general renaming then of seclabel to security
  • Use CHECK_LIB/HEADER to detect libselinux (and fix build system in general)
  • Rename virDomainGetSecModel to virNodeGetSecurityModel
  • Integrate model into SecurityLabel (in case node config differs) ? [n/a]
  • Change -2 error returns to -1
  • Use remoteDispatchOOMError() for OOM errors
  • Create virXPathStringLimit() from virDomainSecLabelDefParseXMLString()

For v0.40

  • MCS dynamic labeling for simple isolation

Before v1.00

  • Convert existing storage labeling
  • Move libvirt symbols to public API before merge.
  • Identify which tools and related docs need to be made sVirt-aware
  • Security review by KVM and core virt folk
  • Review overall policy to ensure e.g. all command-line tools are catered for, things like memory peek don't breach design etc.
  • Policy for save/dump/restore
  • Integration with GUI tools (virt-manager etc.)
  • General OS integration
  • Basic storage labeling support (investigate labeling for non-image devices, e.g. mapping UUID, HAL etc.)
    • Possibly include context-mount labeling of NFS bind mounts for remote images
  • Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here)
  • Find owner for Fedora (dwalsh or danpb ?) and add to feature wiki
  • Investigate generator.py for new API calls
  • Make autostart work properly
  • Policy for /dev/kvm (and similar)
  • Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc.
  • Placement and policy for VM log files
  • Debug integration with audit subsystem
  • Add testcases to libvirt test framework
    • Expand "test" security driver
  • Handle qemud restart
  • Integration with oVirt ?
  • libvirtd config: require enforcing mode option ?
  • Do we need MAC policy for defining and undefining domains?

Post v1.00

  • Support for session mode (not just system mode)
    • Integrate with RBAC/UBAC ?
  • Make DOI configurable
  • Migrate isolated domains between security models
  • Deployment of labeled appliances via virt-image etc.
  • Migration of labeled domains
  • Integration with virtual firewalling
  • Integration with Labeled Networking/IPSec/Labeled NFS (e.g. use of overlay VPNs for networks on host)
  • Extensive device labeling support
    • Labeling for all kinds of devices
    • Boot from network storage
  • Strong binding of resources to domains, via e.g. crypto, TPM, vTPM etc.
  • Support virtualization in policy generation wizard
  • Support for other security models (SMACK)