
On 05/02/2011 03:12 PM, Paolo Smiraglia wrote:
Hi Michal!
To reduce the implementation time and quickly verify whether our project is feasible, we decided to implement the prototype using the simplest user-space applications (VTun, Open vSwitch).
To increase security, we would like to move all security components into kernel space. We want to migrate from user space to kernel space not by defining new kernel modules or by modifying the existing ones, but by using already defined applications that perform our security requirements in kernel space.
For instance, we have defined an application which filters all received packets (by analyzing the VLAN tags) before they are received by the switch. We think that the filtering may be executed by using the SELinux labels. About tunneling, we want to remove VTun from our framework and set up the 'gretap' interfaces directly.
Any other questions are welcome!
Paolo

Hi Paolo,
thanks for your quick reply. Maybe I can see the point now. If you would like to implement it using the already defined application that performs the security requirements in kernel space, I guess the application is in the form of a kernel module or directly implemented in the kernel, so you need to check whether the required feature is present/module loaded to allow the functionality.
Is this your aim?
Michal

--
Michal Novotny <minovotn@redhat.com>, RHCE
Virtualization Team (xen userspace), Red Hat