"Stateless Linux" project
23e9t5t02 at sneakemail.com
Tue Sep 14 15:20:08 UTC 2004
Havoc Pennington hp-at-redhat.com |fedora| wrote:
> Appreciate feedback,
As long as you are looking for opinions and ideas...
I think that the CODA project would be an excellent match for your
stateless linux concept. It is the sort of stateless distributed
file system that caches data locally and can even deal with rejoining
networks after a temporary network outage/failover-type situation. Much
of what you are looking for could be incorporated from there, or at
least the lessons learned should be taken into account.
Whatever you come up with, in my opinion, MUST support SELinux but not
necessarily require it. This could be a short-term wrench in the cogs of
progress, but it will be well worth the effort to assume that support is
needed. By adding SE to the initial boot cycle you would ensure better
control over the network bootstrap process so that it will be harder to
hack into, as network loading of images is inherently vulnerable since
the logic needed for proper validation of the image must have been
cached already or the security contexts transferred first. Changing the
boot-up sequence necessitates getting some SE gurus in on your design
early, because the permissions must be labeled in the file system and
permissions granted in the right sequences; otherwise the SE system
will have major problems booting up. I think you need a form of
distributed SE profiles which are used to bootstrap the network loading
of the OS and relabeling of the root filesystem and runtime cache
images. I'm no guru on SE, but I know it's not going to be trivial.
Another suggestion I have is to have a long-term objective of
incorporating OpenMosix-like capabilities in order to add application
migration and interprocess communication through network-shared IPC.
This will probably be quite useful in network-wide administration
and in coordinating all hosts through their administrative software/OS
upgrade/bootstrap cycle, amongst other things.
It would also be nice to have some form of VPN used during the boot
process and subsequent distribution of runtime images. Make it easy to
boot securely and the rest of the security will fall into place.
Roll all that together and I'd like to see M$ top that! ;)