1. 25 Mar, 2014 4 commits
      Minor fix to previous revision. · ac13f646
      Leigh B Stoller authored
      Server side of firewall support for XEN containers. · 2faea2f3
      Leigh B Stoller authored
      This differs from the current firewall support, which assumes a single
      firewall for an entire experiment, hosted on a dedicated physical
      node. At some point, it would be better to host the dedicated firewall
      inside a XEN container, but that is a project for another day (year).
      
      Instead, I added two sets of firewall rules to the default_firewall_rules
      table, one for dom0 and another for domU. These follow the current
      style setup of open, basic, closed, while elabinelab is ignored since it
      does not make sense for this yet.
      
      These two rule sets are independent; the dom0 rules can be applied to
      the physical host, and domU rules can be applied to specific
      containers.
      
      My goal is that all shared nodes will get the dom0 closed rules (ssh
      from local boss only) to avoid the ssh attacks that all of the racks
      are seeing.
      
      DomU rules can be applied on a per-container (node) basis. As
      mentioned above this is quite different, and needed minor additions to
      the virt_nodes table to allow it.
  2. 24 Mar, 2014 2 commits
  3. 22 Mar, 2014 5 commits
  4. 20 Mar, 2014 2 commits
  5. 19 Mar, 2014 1 commit
      get FreeBSD firewall working with vnodes. · 650adc28
      Mike Hibler authored
      Firewall needed to be taught about the vnode control net (172.16.0.0).
      Basic stuff works now. Haven't tested everything.
      
      Unrelated to this commit, the Linux firewall seems to be broken.
      No traffic flows between the inside and outside even in an "open"
      configuration. Needs investigation.
  6. 18 Mar, 2014 1 commit
  7. 17 Mar, 2014 4 commits
      Implement "showall" action. · d0eb29d1
      Kirk Webb authored
      Required rearranging some things in the script to accommodate an action
      that only requires one additional argument.
      Add "managetaint" command line utility to manage taint states · 93c518e3
      Kirk Webb authored
      This will currently work with os descriptors and nodes.
      Refactor taintstate code and move final taint updates to stated. · 662972cd
      Kirk Webb authored
      Can't do the untainting for all cases in libosload*.  The untainting
      is now hooked into stated, where we catch the nodes as they send
      along their "RELOADDONE" events to update their taint state according
      to the final state of their partitions.
      Add taint state tracking for OSes and Nodes. · 1de4e516
      Kirk Webb authored
      Emulab can now propagate OS taint traits on to nodes that load these OSes.
      The primary reason for doing this is for loading images which
      require special treatment of the node.  For example, an OS that has
      proprietary software, and which will be used as an appliance (blackbox)
      can be marked (tainted) as such.  Code that manages user accounts on such
      OSes, along with other side channel providers (console, node admin, image
      creation) can key off of these taint states to prevent or alter access.
      
      Taint states are defined as SQL sets in the 'os_info' and 'nodes' tables,
      kept in the 'taint_states' column in both.  Currently these sets are comprised
      of the following entries:
      
      * usermode: OS/node should only allow user level access (not root)
      * blackbox: OS/node should allow no direct interaction via shell, console, etc.
      * dangerous: OS image may contain malicious software.
      
      Taint states are inherited by a node from OSes it loads during the OS load
      process.  Similarly, they are cleared from nodes as these OSes are removed.
      Any taint state applied to a node will currently enforce disk zeroing.
      
      No other tools/subsystems consider the taint states currently, but that will
      change soon.
      
      Setting taint states for an OS has to be done via SQL presently.
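      The inheritance rules described in this commit (a node carries the union of the taint states of the OSes it holds, loses them as those OSes are removed, and any remaining taint forces disk zeroing), modelled as an added example that is not Emulab's own code; the OS table contents, osids and function names are constructed for illustration.

```python
# Added example, not Emulab code: models the taint_states propagation
# described in commit 1de4e516. All names and data below are hypothetical.

# The three SET members the commit defines for os_info.taint_states
# and nodes.taint_states.
TAINT_STATES = frozenset({"usermode", "blackbox", "dangerous"})

# Constructed stand-in for the os_info table: osid -> taint_states.
OS_INFO = {
    "FBSD-STD": frozenset(),
    "VENDOR-APPLIANCE": frozenset({"blackbox", "usermode"}),
    "MALWARE-LAB": frozenset({"dangerous"}),
}


def os_taints(osid):
    """Return the taint set for an OS, rejecting values outside the SET."""
    taints = OS_INFO[osid]
    unknown = taints - TAINT_STATES
    if unknown:
        raise ValueError(f"{osid}: unknown taint states {sorted(unknown)}")
    return taints


def node_taints(partitions):
    """Recompute a node's taint_states from the OSes on its partitions.

    `partitions` maps partition number -> osid, or None when empty.
    The node inherits the union of its loaded OSes' taints, so a taint
    disappears only once the last OS carrying it has been removed.
    """
    taints = set()
    for osid in partitions.values():
        if osid is not None:
            taints |= os_taints(osid)
    return frozenset(taints)


def must_zero_disk(taints):
    """Any taint state on a node enforces disk zeroing."""
    return bool(taints)


if __name__ == "__main__":
    parts = {1: "VENDOR-APPLIANCE", 2: "MALWARE-LAB"}
    print(sorted(node_taints(parts)))          # ['blackbox', 'dangerous', 'usermode']
    parts[2] = "FBSD-STD"                       # reload partition 2 with a clean OS
    print(sorted(node_taints(parts)))          # ['blackbox', 'usermode']
    parts[1] = None                             # remove the appliance image
    print(must_zero_disk(node_taints(parts)))  # False
```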
  8. 14 Mar, 2014 7 commits
  9. 13 Mar, 2014 1 commit
  10. 12 Mar, 2014 13 commits