1. 26 Mar, 2014 6 commits
  2. 25 Mar, 2014 5 commits
  3. 24 Mar, 2014 2 commits
  4. 22 Mar, 2014 5 commits
  5. 20 Mar, 2014 2 commits
  6. 19 Mar, 2014 1 commit
    • Mike Hibler's avatar
      get FreeBSD firewall working with vnodes. · 650adc28
      Mike Hibler authored
      Firewall needed to be taught about the vnode control net (
      Basic stuff works now. Haven't tested everything.
      Unrelated to this commit, the Linux firewall seems to be broken.
      No traffic flows between the inside and outside even in an "open"
      configuration. Needs investigation.
  7. 18 Mar, 2014 1 commit
  8. 17 Mar, 2014 4 commits
    • Kirk Webb's avatar
      Implement "showall" action. · d0eb29d1
      Kirk Webb authored
      Required rearranging some things in the script to accomodate an action
      that only requires one additional argument.
    • Kirk Webb's avatar
      Add "managetaint" command line utility to manage taint states · 93c518e3
      Kirk Webb authored
      This will currently work with os descriptors and nodes.
    • Kirk Webb's avatar
      Refactor taintstate code and move final taint updates to stated. · 662972cd
      Kirk Webb authored
      Can't do the untainting for all cases in libosload*.  The untainting
      is now hooked into stated, where we catch the nodes as they send
      along their "RELOADDONE" events to update their taint state according
      to the final state of their partitions.
    • Kirk Webb's avatar
      Add taint state tracking for OSes and Nodes. · 1de4e516
      Kirk Webb authored
      Emulab can now propagate OS taint traits on to nodes that load these OSes.
      The primary reason for doing this is for loading images which
      require special treatment of the node.  For example, an OS that has
      proprietary software, and which will be used as an appliance (blackbox)
      can be marked (tainted) as such.  Code that manages user accounts on such
      OSes, along with other side channel providers (console, node admin, image
      creation) can key off of these taint states to prevent or alter access.
      Taint states are defined as SQL sets in the 'os_info' and 'nodes' tables,
      kept in the 'taint_states' column in both.  Currently these sets are comprised
      of the following entries:
      * usermode: OS/node should only allow user level access (not root)
      * blackbox: OS/node should allow no direct interaction via shell, console, etc.
      * dangerous: OS image may contain malicious software.
      Taint states are inherited by a node from OSes it loads during the OS load
      process.  Similarly, they are cleared from nodes as these OSes are removed.
      Any taint state applied to a node will currently enforce disk zeroing.
      No other tools/subsystems consider the taint states currently, but that will
      change soon.
      Setting taint states for an OS has to be done via SQL presently.
  9. 14 Mar, 2014 7 commits
  10. 13 Mar, 2014 1 commit
  11. 12 Mar, 2014 6 commits