1. 03 Apr, 2014 1 commit
  2. 25 Mar, 2014 1 commit
  3. 20 Mar, 2014 1 commit
  4. 17 Mar, 2014 3 commits
    • Kirk Webb's avatar
      Add "managetaint" command line utility to manage taint states · 93c518e3
      Kirk Webb authored
      This will currently work with os descriptors and nodes.
      93c518e3
    • Kirk Webb's avatar
      Refactor taintstate code and move final taint updates to stated. · 662972cd
      Kirk Webb authored
      Can't do the untainting for all cases in libosload*.  The untainting
      is now hooked into stated, where we catch the nodes as they send
      along their "RELOADDONE" events to update their taint state according
      to the final state of their partitions.
      662972cd
    • Kirk Webb's avatar
      Add taint state tracking for OSes and Nodes. · 1de4e516
      Kirk Webb authored
      Emulab can now propagate OS taint traits on to nodes that load these OSes.
      The primary reason for doing this is for loading images which
      require special treatment of the node.  For example, an OS that has
      proprietary software, and which will be used as an appliance (blackbox)
      can be marked (tainted) as such.  Code that manages user accounts on such
      OSes, along with other side channel providers (console, node admin, image
      creation) can key off of these taint states to prevent or alter access.
      
      Taint states are defined as SQL sets in the 'os_info' and 'nodes' tables,
      kept in the 'taint_states' column in both.  Currently these sets are comprised
      of the following entries:
      
      * usermode: OS/node should only allow user level access (not root)
      * blackbox: OS/node should allow no direct interaction via shell, console, etc.
      * dangerous: OS image may contain malicious software.
      
      Taint states are inherited by a node from OSes it loads during the OS load
      process.  Similarly, they are cleared from nodes as these OSes are removed.
      Any taint state applied to a node will currently enforce disk zeroing.
      
      No other tools/subsystems consider the taint states currently, but that will
      change soon.
      
      Setting taint states for an OS has to be done via SQL presently.
      1de4e516
  5. 10 Mar, 2014 1 commit
    • Mike Hibler's avatar
      Support "no NFS mount" experiments. · 5446760e
      Mike Hibler authored
      We have had the mechanism implemented in the client for some time and
      available at the site-level or, in special cases, at the node level.
      New NS command:
      
          tb-set-nonfs 1
      
      will ensure that no nodes in the experiment attempt to mount shared
      filesystems from ops (aka, "fs"). In this case, a minimal homdir is
      created on each node with basic dotfiles and your .ssh keys. There will
      also be empty /proj, /share, etc. directories created.
      
      One additional mechanism that we have now is that we do not export filesystems
      from ops to those nodes. Previously, it was all client-side and you could
      mount the shared FSes if you wanted to. By prohibiting the export of these
      filesystems, the mechanism is more suitable for "security" experiments.
      5446760e
  6. 03 Mar, 2014 1 commit
  7. 30 Jan, 2014 1 commit
  8. 29 Jan, 2014 1 commit
  9. 24 Jan, 2014 3 commits
  10. 22 Jan, 2014 1 commit
  11. 17 Jan, 2014 1 commit
  12. 08 Jan, 2014 1 commit
  13. 07 Jan, 2014 1 commit
    • Mike Hibler's avatar
      A couple of minor tweaks. · dac3a614
      Mike Hibler authored
      Add -1 option to run the lease_daemon for exactly one pass and then exit.
      
      Allow fractional values for some of the sitevars whose values are measured
      in days. Mostly for debugging, in normal use, a granularity of days is fine.
      
      Tweak the log output.
      dac3a614
  14. 06 Jan, 2014 4 commits
  15. 03 Jan, 2014 6 commits
  16. 31 Dec, 2013 1 commit
  17. 17 Dec, 2013 1 commit
  18. 16 Dec, 2013 1 commit
  19. 12 Dec, 2013 1 commit
  20. 11 Dec, 2013 9 commits