Re: "Stateless Linux" project

Havoc Pennington hp-at-redhat.com |fedora| wrote:

Appreciate feedback,


As long as you are looking for opinions and ideas...

I think that the CODA project would be an excellent match for your stateless linux concept. It combines the sort of stateless distributed file system that caches data locally and can even deal with rejoining networks after a temporary network outage/failover type situation. Much of what you are looking for could be incorporated from there, or at least the lessons learned should be taken into account.

http://www.coda.cs.cmu.edu/

Whatever you come up with, in my opinion, MUST support SELinux but not necessarily require it. This could be a short-term wrench in the cogs of progress but it will be well worth the effort to assume that support is needed. By adding SE to the initial boot cycle you would ensure better control over the network bootstrap process so that it will be harder to hack into, as network loading of images is inherently vulnerable since the logic needed for proper validation of the image must have been cached already or the security contexts transferred first. Changing the boot-up sequence necessitates getting some SE gurus in on your design early because the permissions must be labeled in the file system and permissions granted in the right sequences, otherwise the SE system will have major problems booting up. I think you need a form of distributed SE profiles which are used to bootstrap the network loading of the OS and relabeling of the root filesystem and runtime cache images. I'm no guru on SE but I know it's not going to be trivial.

Another suggestion I have is to have a long-term objective of incorporating OpenMosix-like capabilities in order to add application migration and interprocess communication through network shared IPC. This will probably be quite useful in the network-wide administration and coordinating all hosts through their administrative software/OS upgrade/bootstrap cycle amongst other things.

http://openmosix.sourceforge.net/

It would also be nice to have some form of a VPN used during the boot process and subsequent distribution of runtime images. Make it easy to boot secure and the rest of the security will fall into place.

Roll all that together and I'd like to see M$ top that! ;)

Steve Coleman
http://www.........../


