johannes.schlatow at genode-labs.com
Fri Jan 14 18:04:21 CET 2022
> I want to integrate Genode + low level OS (e.g. nova or sel4) to be
> integrated with existing environments related to containers. Most of
> this things do assume some kind of per-user control.
> may be I can ask my question in different format - what is the best
> way of such integration??
That is a question I don't have a satisfying answer for at the moment.
What I understand from your explanations is that you want to have some
sort of user authentication by which the docker engine decides what
permissions the user gets for starting containers. In other words the
user's permissions determine the view the user gets on a shared file
I believe I would approach it in a way that maps users to File_system
sessions. This will not be a direct translation of file-based ACLs
though but it will allow having multiple users sharing a certain
directory. A container may also open multiple File_system sessions for
different users by which you should be able to control access
permissions on the file system. Yet, I have no particular idea at the
moment on how a chmod/chown done by a container can be emulated with
this approach since it would need to modify the session policies of the
By the way, I recommend you have a look at Martin's article series
about the VFS: http://genodians.org/m-stein/2021-06-21-vfs-1
More information about the users