
On Tuesday 12 August 2008 5:57:19 am James Morris wrote:
> On Tue, 12 Aug 2008, Russell Coker wrote:
>
> > One thing that should be noted is the labelled network benefits. If you had several groups of virtual servers running at different levels and wanted to prevent information leaks, then having SE Linux contexts and labelled networking could make things a little easier.
> >
> > I have had some real challenges in managing firewall rules for Xen servers. My general practice is to try and make sure that there is no real need for firewalls between hosts on the same hardware (not that I want it this way - it's what technical and management issues force on me).
> >
> > So for example, if I have an ISP Xen server running virtual machines for a number of organisations, I make sure that they are either all within a similar trust boundary (i.e. affiliated groups) or all mutually untrusting (i.e. other IP addresses in the same net-block are treated the same as random hosts on the net).
>
> Thanks for the insights -- we expect to address the virtual networking aspect in some way.
I think we could do some pretty cool things here with the new (well, 2.6.25 new) network ingress/egress controls and restricting VM instances to specific interfaces and/or networks. However, we would need to settle the basic VM label management issues first.

-- 
paul moore
linux @ hp