Add taint state tracking for OSes and Nodes.
Emulab can now propagate OS taint traits on to nodes that load these OSes. The primary reason for doing this is for loading images which require special treatment of the node. For example, an OS that has proprietary software, and which will be used as an appliance (blackbox) can be marked (tainted) as such. Code that manages user accounts on such OSes, along with other side channel providers (console, node admin, image creation) can key off of these taint states to prevent or alter access.

Taint states are defined as SQL sets in the 'os_info' and 'nodes' tables, kept in the 'taint_states' column in both. Currently these sets are comprised of the following entries:

* usermode: OS/node should only allow user level access (not root)
* blackbox: OS/node should allow no direct interaction via shell, console, etc.
* dangerous: OS image may contain malicious software.

Taint states are inherited by a node from OSes it loads during the OS load process. Similarly, they are cleared from nodes as these OSes are removed. Any taint state applied to a node will currently enforce disk zeroing.

No other tools/subsystems consider the taint states currently, but that will change soon.

Setting taint states for an OS has to be done via SQL presently.
Changed files:
- db/EmulabConstants.pm.in: 11 additions, 0 deletions
- db/Node.pm.in: 139 additions, 0 deletions
- db/OSinfo.pm.in: 110 additions, 0 deletions
- sql/database-create.sql: 2 additions, 0 deletions
- sql/database-fill.sql: 1 addition, 0 deletions
- sql/updates/4/385: 33 additions, 0 deletions
- tbsetup/libosload.pm.in: 50 additions, 3 deletions
- tbsetup/libosload_new.pm.in: 47 additions, 0 deletions
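
The inherit-and-clear rule described in the commit message, as an added Python model (not Emulab's Perl code). The class, method and OS names are hypothetical; only the three state names, the SET-column representation and the disk-zeroing rule come from the message. It shows why a node's taint is best derived as the union over the OSes still loaded rather than subtracted on removal.

```python
# Added illustration, not project code. Node, load_os, remove_os and the
# OS names used with them are hypothetical.
VALID_TAINTS = frozenset({"usermode", "blackbox", "dangerous"})


def parse_taint_set(column_value):
    """Parse a SQL SET column value ('a,b', '' or NULL) into a frozenset."""
    if not column_value:
        return frozenset()
    states = frozenset(s.strip() for s in column_value.split(",") if s.strip())
    unknown = states - VALID_TAINTS
    if unknown:
        # Fail closed: an unrecognised state must not be silently dropped.
        raise ValueError(f"unknown taint state(s): {sorted(unknown)}")
    return states


class Node:
    def __init__(self, node_id):
        self.node_id = node_id
        self.loaded = {}  # OS name -> taint set that OS carries

    def load_os(self, osname, os_taint_column):
        # The node inherits the OS's taint states at load time.
        self.loaded[osname] = parse_taint_set(os_taint_column)

    def remove_os(self, osname):
        self.loaded.pop(osname, None)

    @property
    def taint_states(self):
        # Union over what is still loaded: a state shared by two OSes
        # survives until the last OS carrying it is removed.
        out = frozenset()
        for states in self.loaded.values():
            out |= states
        return out

    def taint_column(self):
        """Render the node's states the way a SET column would hold them."""
        return ",".join(sorted(self.taint_states))

    def must_zero_disk(self):
        # Commit message: any taint state on a node enforces disk zeroing.
        return bool(self.taint_states)
```
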