SVirt/TODO

From SELinux Wiki

(Difference between revisions)
Revision as of 00:52, 10 December 2008
JamesMorris
m (Post v1.00)
Revision as of 03:51, 10 December 2008
JamesMorris
(Before v1.00)
Line 22: Line 22:
* General OS integration * General OS integration
-* Basic storage labeling support+* Basic storage labeling support (investigate labeling for non-image devices, e.g. mapping UUID, HAL etc.)
* Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here) * Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here)

Revision as of 03:51, 10 December 2008

sVirt To Do List

For v0.30

  • Fix have/with SELinux build configuration
  • Convert existing storage labeling



Before v1.00

  • MCS dynamic labeling for simple isolation
  • Security review by KVM and core virt folk
  • Review overall policy to ensure e.g. all command-line tools catered for, things like memory peek don't breach design etc.
  • Integration with GUI tools (virt-manager etc.)
  • General OS integration
  • Basic storage labeling support (investigate labeling for non-image devices, e.g. mapping UUID, HAL etc.)
  • Have domains run in separate directories to allow persistent labeling of resources (e.g. at rest, use MCS c0). (Check with danpb to see what the plans are here)
  • Find owner for Fedora (dwalsh or danpb?) and add to feature wiki
  • Investigate generator.py for new API calls
  • Make autostart work properly
  • Policy for /dev/kvm (and similar)
  • Policy for control sockets, virtual console, vnc access, shared devices, parent/child communications etc.
  • Placement and policy for VM log files
  • Debug integration with audit subsystem
  • Add testcases to libvirt test framework
  • Handle qemud restart



Post v1.00

  • Support for session mode (not just system mode)
  • Make DOI configurable
  • Migrate isolated domains between security models
  • Deployment of labeled appliances via virt-image etc.
  • Migration of labeled domains
  • Integration with virtual firewalling
  • Integration with Labeled Networking/IPSec/Labeled NFS
  • Extensive device labeling support