Roadmap 2022

Alexander Tormasov a.tormasov at innopolis.ru
Thu Jan 13 12:22:30 CET 2022


Hi Johannes,
thanks for the clarification.

>> Do you have something like ACL applied to file system? 
> 
> The VFS server has no notion of users or ACL, yet it is possible to
> provide different parts of the VFS to different clients/sessions. This
> is achieved by specifying a <policy>, which sets the root directory for
> the session and whether write operations are permitted. This basically
> provides per-directory access control.
> 
>> 
>> Do you have own or external auth mechanism, like LDAP
>> server/Radius/etc?
> 
> Natively, there is no notion of users in Genode. Instead, access
> control is conducted on a per-session basis. On the one hand, the init
> component takes care of routing a particular session request to a
> certain child component (or parent). On the other hand, the child
> providing the service may further allow the specification of session
> policies (as mentioned above) so that different clients receive
> different permissions.
> 

I want to integrate Genode + a low-level OS (e.g. nova or sel4) with existing environments related to containers.
Most of these things assume some kind of per-user control.

Maybe I can ask my question in a different format: what is the best way to do such an integration?

A simplistic approach I saw in the implementation of ssh_server.run: they just create an «inline» plain-text fake user+password (with a non-fake crypto key).

In standard unix/linux/etc., during container creation I use some credentials for docker and for file access simultaneously.
Docker suggests keeping them outside (although it can hold them inside) [1]:
...
Credentials store
The Docker Engine can keep user credentials in an external credentials store, such as the native keychain of the operating system. Using an external store is more secure than storing credentials in the Docker configuration file.

To use a credentials store, you need an external helper program to interact with a specific keychain or external store. Docker requires the helper program to be in the client’s host $PATH.

This is the list of currently available credentials helpers and where you can download them from:

	• D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases
	• Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases
	• Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases
	• pass: https://github.com/docker/docker-credential-helpers/releases
…

To implement a docker container I need to answer both questions:
- what access control and credentials I will use for the underlying file system (it can generate endless problems if treated the wrong way - like failed script execution/etc), and
- how access control info should be provided to docker itself (at least in the form of root/non-root users, or keychains/etc), see [1].

Note: In theory we can have a third question to be answered - "how will the container store secure third-party data", but it is different from the first two above and can be answered by applications later. As I understand, the encrypted block storage vbe is a move in this direction?

So, my question is: I do not like the idea of keeping, even for tests, «a+rwx» mode for files and plain-text user/passwords stored in run files. Is there anything better than that available for a prototype, or do I need to keep this insecure approach at this moment for both file system and container permissions?

Note: I understand that internally a system based on Genode will be significantly more secure by itself. Anyway, we need to consider the whole system, including external clients used by users to access and manage the system.

[1] https://docs.docker.com/engine/reference/commandline/login/

Sincerely,
	Alexander
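
The per-session `<policy>` mechanism quoted above from Johannes's reply, shown as an added configuration sketch that is not part of the original message or of any Genode run script. The component names (`container_fs`, `container_a`, `container_b`, `inspector`) and the directory layout are assumptions made for illustration; the `root` and `writeable` attributes are the two settings the reply describes.

```xml
<!-- Added illustration: one VFS server exporting a different subtree to each client. -->
<!-- Component names and the directory layout are hypothetical. -->
<start name="container_fs">
  <binary name="vfs"/>
  <resource name="RAM" quantum="8M"/>
  <provides> <service name="File_system"/> </provides>
  <config>
    <vfs>
      <dir name="containers">
        <dir name="a"> <ram/> </dir>
        <dir name="b"> <ram/> </dir>
      </dir>
    </vfs>

    <!-- Each container's session is rooted at its own directory, so the
         other container's files are outside its namespace rather than
         merely protected by mode bits. -->
    <policy label_prefix="container_a -> " root="/containers/a" writeable="yes"/>
    <policy label_prefix="container_b -> " root="/containers/b" writeable="yes"/>

    <!-- A management client sees both subtrees but cannot modify them. -->
    <policy label_prefix="inspector -> " root="/containers" writeable="no"/>
  </config>
</start>
```

The session label that selects a policy is assigned by the parent when it routes the session request, not chosen by the client, which is why this gives per-directory access control without users or passwords in the configuration.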


