labeled brand zone [PSARC/2009/065 FastTrack timeout 02/11/2009]
Glenn Faden
Glenn.Faden at sun.com
Wed Feb 4 12:07:47 PST 2009
Gerald Jelinek wrote:
> I'm sponsoring this fast-track for Ric Aleshire.
> The contract is in the case directory and both
> managers will sign the contract before the case times
> out.
>
> Thanks,
> Jerry
>
>
> Template Version: @(#)sac_nextcase %I% %G% SMI
> This information is Copyright 2009 Sun Microsystems
> 1. Introduction
> 1.1. Project/Component Working Name:
> labeled brand zone
> 1.2. Name of Document Author/Supplier:
> Author: Ric Aleshire
> 1.3 Date of This Document:
> 04 February, 2009
> 4. Technical Description
>
> "Labeled" Brand Zone
>
> Problem
>
> Configuring and operating Trusted Extensions is a complex
> administrative task. When Trusted Extensions is enabled, each zone
> must be associated with a unique sensitivity label. Only labeled zones
> are compatible with the Trusted Gnome desktop. The creation of labeled
> zones is particularly involved, and requires zone configuration
> differences compared to traditional native zones. In OpenSolaris, for
> example, labeled zones need additional IPS packages, additional lofs
> mounts, and additional customization prior to first boot. We need a
> convenient way to provide indirection for these customizations, to
> automate and "hide" them, to simplify system administration.
>
>
> Proposal
>
> Interfaces for branded zones (PSARC/2005/471) provide a transparent way
> to handle differences in zone environments. This case reserves a new
> brand type, "labeled", which will be used to implement zones for Trusted
> Extensions. The "labeled" brand type is closely related to the native
> brand. No kernel modules or other additional software is required for
> this brand; it is a native-equivalent brand.
>
> This case also establishes a contract for zone interfaces used to support
> the new "labeled" brand type.
>
> In addition, the following applies when Trusted Extensions is enabled:
>
> 1) Except where directed explicitly by the content of the brand files,
> zones infrastructure will not implicitly distinguish between brands
> (i.e., conditional behavior based on brand name) and will treat all
> zones as native.
>
> 2) Only native and native-equivalent brands can be started. Non-native
> zones cannot be run under TX.
>
Similarly, when TX is disabled, it should not be possible to boot zones
with the "labeled" brand type since that would effectively declassify them.
--Glenn
>
> Interfaces
>
> _________________________________________________________________________
> |                          Interfaces Exported                          |
> |_______________________________________________________________________|
> | Interface                                  | Stability                |
> |____________________________________________|__________________________|
> | brand name "labeled"                       | Committed                |
> |____________________________________________|__________________________|
>
>
> This case imports the following BrandZ interfaces, which are all Project
> Private to the BrandZ project. (A contract for use of these interfaces
> is included in materials for this case.)
>
> _________________________________________________________________________
> |                          Interfaces Imported                          |
> |_______________________________________________________________________|
> | Interface                                  | Comment                  |
> |____________________________________________|__________________________|
> | /usr/share/lib/xml/dtd/zone_platform.dtd.1 |                          |
> |____________________________________________|__________________________|
> | /usr/share/lib/xml/dtd/brand.dtd.1         | Specifically, these tags |
> |                                            | in brand.dtd.1 are used: |
> |                                            |   <install>              |
> |                                            |   <installopts>          |
> |                                            |   <initname>             |
> |                                            |   <login_cmd>            |
> |                                            |   <user_cmd>             |
> |____________________________________________|__________________________|
>
> (Note that no libbrand.so interfaces are used.)
>
>
> References
>
> PSARC/2002/762 - Layered Trusted Solaris
> PSARC/2002/174 - Virtualization and Namespace Isolation in Solaris
> PSARC/2005/471 - BrandZ: Support for non-native zones
>
>
> 6. Resources and Schedule
> 6.4. Steering Committee requested information
> 6.4.1. Consolidation C-team Name:
> ON
> 6.5. ARC review type: FastTrack
> 6.6. ARC Exposure: open
>
>