Hi Johannes,
thanks for the clarification.

>> Do you have something like ACLs applied to the file system?
> 
> The VFS server has no notion of users or ACL, yet it is possible to
> provide different parts of the VFS to different clients/sessions. This
> is achieved by specifying a <policy>, which sets the root directory for
> the session and whether write operations are permitted. This basically
> provides per-directory access control.
> 
>> 
>> Do you have your own or an external auth mechanism, like an LDAP
>> server/Radius/etc.?
> 
> Natively, there is no notion of users in Genode. Instead, access
> control is conducted on a per-session basis. On the one hand, the init
> component takes care of routing a particular session request to a
> certain child component (or parent). On the other hand, the child
> providing the service may further allow the specification of session
> policies (as mentioned above) so that different clients receive
> different permissions.
> 

I want to integrate Genode + a low-level OS (e.g. nova or sel4) with
existing environments related to containers.
Most of these things assume some kind of per-user control.

Maybe I can ask my question in a different format: what is the best way to do
such an integration?

A simplistic approach I saw in the implementation of ssh_server.run: they just
create an «inline» plain-text fake user+password (with a non-fake crypto key).

In standard unix/linux/etc., during container creation I use some credentials
for docker and for file access simultaneously.
Docker suggests keeping them outside (while it can hold them inside) [1]:
...
Credentials store
The Docker Engine can keep user credentials in an external credentials store, 
such as the native keychain of the operating system. Using an external store is 
more secure than storing credentials in the Docker configuration file.

To use a credentials store, you need an external helper program to interact 
with a specific keychain or external store. Docker requires the helper program 
to be in the client’s host $PATH.

This is the list of currently available credentials helpers and where you can 
download them from:

        • D-Bus Secret Service: https://github.com/docker/docker-credential-helpers/releases
        • Apple macOS keychain: https://github.com/docker/docker-credential-helpers/releases
        • Microsoft Windows Credential Manager: https://github.com/docker/docker-credential-helpers/releases
        • pass: https://github.com/docker/docker-credential-helpers/releases
…

To implement a docker container I need to answer both questions:
- what access control and credentials I will use for the underlying file system
(it can generate endless problems if treated the wrong way - like failed script
execution, etc.), and
- how access control info should be provided to docker itself (at least in the
form of root/non-root users, or keychains, etc.), see [1].

Note: In theory we can have a 3rd question to be answered - "how will the
container store secure 3rd-party data" - but it is different from the first two
above and can be answered by applications later. As I understand, the encrypted
block storage vbe is a move in this direction?

So, my question is: I do not like the idea of keeping, even for tests, «a+rwx»
mode for files and plain-text user/passwords stored in run files. Is there
anything better than that available for a prototype, or do I need to keep this
insecure approach at this moment for both file system and container permissions?

Note: I understand that internally a system based on Genode will be
significantly more secure by itself. Anyway, we need to consider the whole
system, including external clients used by users to access and manage the
system.

[1] https://docs.docker.com/engine/reference/commandline/login/

Sincerely,
        Alexander

_______________________________________________
Genode users mailing list
[email protected]
https://lists.genode.org/listinfo/users
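
The per-session access control described in the quoted reply, as an added example that is not part of the original message or the Genode project's own configuration: an init configuration fragment in which a VFS server hands one client a writeable subdirectory and another a read-only one. The component names `builder` and `viewer`, the directory names and the RAM quotas are assumptions made for illustration.

```xml
<!-- Added example: fragment of an init configuration, not from the message.
     "builder", "viewer", the directory names and the quotas are assumptions. -->
<start name="vfs">
  <resource name="RAM" quantum="8M"/>
  <provides> <service name="File_system"/> </provides>
  <config>
    <vfs>
      <dir name="images">  <ram/> </dir>
      <dir name="scratch"> <ram/> </dir>
    </vfs>
    <!-- sessions whose label starts with "builder": root is /scratch, read-write -->
    <policy label_prefix="builder" root="/scratch" writeable="yes"/>
    <!-- sessions whose label starts with "viewer": root is /images, read-only -->
    <policy label_prefix="viewer" root="/images" writeable="no"/>
    <!-- no default-policy is given, so no other label is granted a root here -->
  </config>
</start>

<!-- init routes each child's File_system session request to the vfs child -->
<start name="builder">
  <resource name="RAM" quantum="16M"/>
  <route>
    <service name="File_system"> <child name="vfs"/> </service>
    <any-service> <parent/> </any-service>
  </route>
</start>

<start name="viewer">
  <resource name="RAM" quantum="16M"/>
  <route>
    <service name="File_system"> <child name="vfs"/> </service>
    <any-service> <parent/> </any-service>
  </route>
</start>
```

Neither client can name a path outside its policy root, so the split between writer and reader is enforced by the server's configuration rather than by file modes.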
