Menu
▾
▴
Re: [Isolated-exec-devel] Security through Isolation in Xen
|
From: Passera, P. R <pab...@in...> - 2009-01-29 12:39:42
|
>I just built a Linux VM, but now I need to find the code that tells it >to run the command. The application that runs the executable in the sandbox is called Migration Module. You can find both the code and the executable in the release 0.0.1 >When I go to send to the Linux Sandbox VM, it crashes the Linux VM >right after the file copy, but I assume that is because it is try to >run it without the wine command in front. I don't understand. Did you installed the Migration Module in the Linux Sandbox? Without that it won't work because the Decision Module that is in Dom0 communicates with the Migration Module to orchestrate the execution. >I'll look through the code to try to find it, but pointers and any >other things that I might run into would be helpful. The code that sends the file from the UserVM is called Delegation Module, it just copy the file to Dom0 and then notifies Dom0 that a file wants to be migrated. Then the Decision Module in Dom0 receives the message, it unpauses a Sandbox, copies the file and then commands the Migration Module in the Sandbox to run the application. You can find all the code that belong to the Windows modules under the ./windows folder in the repo and the code for the decision module can be found under the ./linux folder in the repo also. Let me know if you need more info. Regarding the bug after closing the application in the Sandbox. The correct behavior is that the Decision Module closes the application, then it restart the Sandbox, pause it and put it again into the VM pool. There is a bug related to that that we need to fix. This should be easy because it was working and in one of our latest changes it got broken. You can see the bug at http://sourceforge.net/tracker/index.php?func=detail&aid=2372647&group_id=24 5240&atid=1126054. We will try to fix it so complete use case can be seen. Regards, Pablo >-----Original Message----- >From: Todd Deshane [mailto:des...@gm...] >Sent: Tuesday, January 27, 2009 8:49 PM >To: Passera, Pablo R >Cc: Protti, Duilio J; Giusti, Gisela; Colsani, Guillermo E; isolated- >exe...@li... >Subject: Re: [Xen-research] Security through Isolation in Xen > >On Tue, Jan 27, 2009 at 12:48 PM, Passera, Pablo R ><pab...@in...> wrote: >>>Even withough closing, trying to run notepad again, I get a NO_FREE_VM >>>error on the user VM... >> >> After closing notepad the VM should be restarted and once is up and >running again, the decision module will add it >automatically to the >VMPool. This takes like 45 seconds. After that you can send an >application again. If you have more >than one VM in the pool, you can >send the application immediately and the decision module will pick >another VM from >the pool while the first one is starting. >> >>>I see, I only have one sandbox VM... So it looks like I can >>>uncomment/make more in /etc/vmpool.conf right? >> >> Yes, that is correct. >> >>>Does anybody have a Linux Sandbox VM that I could download? If not, >>>I'll try to make a Linux one (with wine installed)... >> >> You can do that or you can copy the windows image and configure the >network in it (you can put 192.168.0.2 to this >other one). Also you >will have to modify vmpool.cfg to point to the correct xen config file >for this new machine and all the >other configurations there. If you >install a linux machine with wine remember to install the migration >module in wine. >Unfortunately, I don't have here a linux image ready to >run. >> > >I just built a Linux VM, but now I need to find the code that tells it >to run the command. > >When I go to send to the Linux Sandbox VM, it crashes the Linux VM >right after the file copy, but I assume that is because it is try to >run it without the wine command in front. > >I'll look through the code to try to find it, but pointers and any >other things that I might run into would be helpful. > >Thanks, >Todd > >-- >Todd Deshane >http://todddeshane.net >http://runningxen.com |
