Gerald Jelinek wrote:
> I'm sponsoring this fast-track for Ric Aleshire.
> The contract is in the case directory and both
> managers will sign the contract before the case times
> out.
>
> Thanks,
> Jerry
>
>
> Template Version: @(#)sac_nextcase %I% %G% SMI
> This information is Copyright 2009 Sun Microsystems
> 1. Introduction
>     1.1. Project/Component Working Name:
>          labeled brand zone
>     1.2. Name of Document Author/Supplier:
>          Author: Ric Aleshire
>     1.3 Date of This Document:
>          04 February, 2009
> 4. Technical Description
>
> "Labeled" Brand Zone
>
> Problem
>
> Configuring and operating Trusted Extensions is a complex
> administrative task. When Trusted Extensions is enabled, each zone
> must be associated with a unique sensitivity label. Only labeled zones
> are compatible with the Trusted Gnome desktop. The creation of labeled
> zones is particularly involved, and requires zone configuration
> differences compared to traditional native zones. In OpenSolaris, for
> example, labeled zones need additional IPS packages, additional lofs
> mounts, and additional customization prior to first boot. We need a
> convenient way to provide indirection for these customizations, to
> automate and "hide" them, to simplify system administration.
>
>
> Proposal
>
> Interfaces for branded zones (PSARC/2005/471) provide a transparent way
> to handle differences in zone environments. This case reserves a new
> brand type, "labeled", which will be used to implement zones for Trusted
> Extensions. The "labeled" brand type is closely related to the native
> brand. No kernel modules or other additional software is required for
> this brand; it is a native-equivalent brand.
>
> This case also establishes a contract for zone interfaces used to support
> the new "labeled" brand type.
>
> In addition, the following applies when Trusted Extensions is enabled:
>
> 1) Except where directed explicitly by the content of the brand files,
>    zones infrastructure will not implicitly distinguish between brands
>    (i.e., conditional behavior based on brand name) and will treat all
>    zones as native.
>
> 2) Only native and native-equivalent brands can be started. Non-native
>    zones cannot be run under TX.
>

Similarly, when TX is disabled, it should not be possible to boot zones with the "labeled" brand type since that would effectively declassify them.
--Glenn

>
> Interfaces
>
> _________________________________________________________________________
> |                          Interfaces Exported                          |
> |_______________________________________________________________________|
> | Interface                                  | Stability                |
> |____________________________________________|__________________________|
> | brand name "labeled"                       | Committed                |
> |____________________________________________|__________________________|
>
>
> This case imports the following BrandZ interfaces, which are all Project
> Private to the BrandZ project. (A contract for use of these interfaces
> is included in materials for this case.)
>
> _________________________________________________________________________
> |                          Interfaces Imported                          |
> |_______________________________________________________________________|
> | Interface                                  | Comment                  |
> |____________________________________________|__________________________|
> | /usr/share/lib/xml/dtd/zone_platform.dtd.1 |                          |
> |____________________________________________|__________________________|
> | /usr/share/lib/xml/dtd/brand.dtd.1         | Specifically, these tags |
> |                                            | in brand.dtd.1 are used: |
> |                                            | <install>                |
> |                                            | <installopts>            |
> |                                            | <initname>               |
> |                                            | <login_cmd>              |
> |                                            | <user_cmd>               |
> |____________________________________________|__________________________|
>
> (Note that no libbrand.so interfaces are used.)
>
>
> References
>
> PSARC 2002/762 - Layered Trusted Solaris
> PSARC/2002/174 - Virtualization and Namespace Isolation in Solaris
> PSARC/2005/471 - BrandZ: Support for non-native zones
>
>
> 6. Resources and Schedule
>     6.4. Steering Committee requested information
>         6.4.1. Consolidation C-team Name:
>                ON
>     6.5. ARC review type: FastTrack
>     6.6. ARC Exposure: open
>