[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GSoC project about virtualization using Hurd mechanisms

From: zhengda
Subject: Re: GSoC project about virtualization using Hurd mechanisms
Date: Sun, 13 Apr 2008 23:53:51 +0200
User-agent: Thunderbird (X11/20080213)


olafBuddenhagen@gmx.net wrote:
No, not really. Unlike the full network hypervisor, which I mentioned as
an alternative design, the BPF translator is only responsible for
setting the filter rules; the actual packets are still sent/received
through the kernel device directly...

But being in charge of setting the filters, the BPF translator could
also enact some (limited) policy, by deciding what kind of filter rules
individual pfinets and other users can set... If BPF is made the only
way for setting the filters, the policy could actually be enforced this
way -- though I don't know whether this was originally part of the plan
for the BPF translator.
As my understanding, the role of the BPF translator is to work as a guard between the user and the packet filter in the kernel.
Does this mean that only root user can run pfinet in the Hurd?
But it makes sense. Now I know why currently only root can run subhurd.
The security issue in the microkernel is quite interesting. I think I should dig more.
I see, there was some misunderstanding here. Does the above explanation
clear it up?
Yes, thank you.

As you mentioned in the previous letter:

It would be possible to force the subhurd to use the main Hurd's BPF
translator. However, that would require some mechanism to allow a
subhurd to access another Hurd's translators -- this could also be part
of the "improve subhurds" task. It's much more complicated though than
implementing a low-level server (supervisor), which could use a simpler
interface, or even be completely transparent to the clients...
(Pretending that it's the actual kernel device.)

How does the network supervisor work?
Is it similar to the second solution I have mentioned (every pfinet has to send packets to a central process first which helps forward them)? And why is the network supervisor implemented easily than the BPF translator for helping subhurd communicate with the main Hurd? I mean since subhurd can communicate with the supervisor, why can it not communicate with the BPF translator of the main Hurd in the same way?
The security problem again?

Zheng Da

reply via email to

[Prev in Thread] Current Thread [Next in Thread]