Below are the 6 most recent journal entries recorded in the "James Morris" journal:
Fedora 11 with sVirt|
sVirt (MAC security for Linux Virtualization), which I've previously discussed here, and formally presented at LCA in January, was released today as an integral part of virtualization in Fedora 11.
If you'd like to give it a spin, simply download and install Fedora and use the GUI admin tools to create a new virtual machine.
Thanks again to Dan Walsh, Dan Berrange and all the developers who helped with input and the heavy lifting work of completing the userland code. It still amazes me how fast things move in FOSS.
As mentioned in my last+1 post, Dan W will be talking on this topic at the upcoming LinuxCon.
Further developments in this area are already underway, and you can expect to hear about them in the coming months—see the talk slides for possible hints.
Tags: fedora, fedora11, foss, kvm, lca, linux, linuxcon, mac, security, selinux, svirt, virtualization
sVirt merged into upstream libvirt|
The sVirt code has now been merged into the upstream libvirt repository (git mirror). Thanks to Dan Walsh for taking on the remaining userspace development, and Daniel Berrange and the rest of the libvirt folk involved for reviewing and improving the code.
While we'll be focusing on the SELinux driver for sVirt, a really useful and cool project for someone interested in security and virtualization would be to develop a SMACK driver.
Tags: foss, kvm, libvirt, linux, mac, mandatory access control, security, selinux, smack, svirt, virtualization
sVirt slides from LCA|
The slides from my LCA talk on sVirt talk may be found here in PDF format.
The talk seemed to go reasonably well, and had a larger audience than I expected given that Tridge and Willy were talking at the same time. A video of the talk should appear online soon.
Tags: events, foss, hobart, kvm, lca, lca2009, libvirt, linux, linux.conf.au, lsm, mac, mandatory access control, security, selinux, smack, svirt, tasmania, virtualization
LCA next week & introduction to sVirt|
I'm preparing to travel to Hobart for LCA next week, which will be a refreshing break from the 40° heat in Sydney, and from conference jet lag—this will my first same-timezone conference in a couple of years, and the closest I've ever been to Antarctica.
I'll be giving a talk on sVirt, a project to harden Linux-based virtualization with MAC security. From the abstract:
With increased use of virtualization, one security benefit of physically separated systems -- strong isolation -- is reduced, an issue which may be ameliorated with the application of MAC security (e.g. SELinux, SMACK) in the host system.
For example, a flaw in the hypervisor or errant misconfiguration of the host may allow a virtualized guest OS to "break out" into the host environment and compromise other guests. By applying MAC security to virtual machine instances at the host level, such threats may be mitigated through strong isolation and containment of guests.
If you think hypervisor flaws are merely some kind of theoretical threat, you're dreaming. A large number of folk seem to be entirely unware of virtualization security issues, according to Joe Hernick of Network Computing:
To find out how prepared our readers are, we fielded a survey—and got some eye-popping results. We can't help thinking that the 43% saying they feel virtualized machines are just as safe and secure as traditional environments are whistling past the graveyard. Of the 384 IT operations and security professionals responding, a mere 11% have put formal strategies in place to protect their VMs.
Hyperbole aside, people who are deploying virtualized systems definitely need to start thinking about this stuff.
The sVirt project is currently in initial development, with the aim of making a v1.0 release shipping this year in Fedora. A key feature of the initial release will providing simple MAC isolation of KVM domains, so virtualized systems can't attack each other or the host system.
While Dan Walsh gave an ad-hoc talk on the subject last week at Fudcon in Boston, and I gave an ad-hoc lightning talk at Foss.my, this will be the first planned presentation properly outlining the goals, architecture and implementation strategy; and how this is part of extending flexible MAC security across every level of the modern application stack from the local OS to the globally distributed environment (cloud, grid et al). There's no shortage of interesting and bizarrely difficult problems to solve in this area. Or buzzwords.
LCA looks to be a fun conference this year, if not perhaps a little subdued due to the economic crisis (and hopefully nothing to do with Tasmania being the world's leading producer of pharmaceutical opiates).
I expect to be attending the Linux Kernel and Security miniconfs.
Talks I hope to see include:
The organizers have just announced mystery prizes for folk registering in the final week, so if you're yet to decide whether to attend, there's some more encouragement.
Tags: events, foss, hobart, kvm, lca2009, linux, linux.conf.au, mandatory access control, opium, security, selinux, smack, svirt, tasmania, virtualization
Upcoming conference talks on SELinux applications: sVirt and Kiosk Mode|
Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes. So, for MAC label security in this case, we don't need to do anything in terms of modifying kernel security mechanisms, and simply modify security policy as desired. We can focus on developing the appropriate high-level abstractions (e.g. management tool support) rather than developing a new security mechanism.
How can this be useful? In the simplest case, we can increase isolation between virtual machines by assigning them different security labels, and enforcing a MAC policy which prevents them from interacting. This helps ameliorate the increased risk arising from running domains on the same hardware where previously they may have been physically separated on different machines. This is just a start. There are plenty of interesting things which can be done once the core functionality is in place, although the initial idea is to simply provide stronger isolation to better protect domains from each other.
At an architectural level, security labeling support is being added to libvirt, a virtualization API which abstracts various aspects of virtualization including different hypervisor types, storage, networking, and with sVirt: MAC security. With sVirt integrated at the API level, security labeling support can be integrated into high-level tools via standardized and flexible abstractions. For example, when creating a new domain, the graphical virt-manager tool may include a checkbox to designate the domain as "isolated"—or perhaps just do it by default for true zeroconf.
I'll be introducing sVirt more completely at LCA next January, so if you're marching south and have interests in both security and virtualization, it might be worth popping in. I'm up against Tridge in the timeslot, so it might be an intimate session.
Next week, I'll be giving a talk on Fedora Kiosk Mode at Malaysia's inaugural developer conference, FOSS.MY. Kiosk Mode is another high-level MAC security application, where anonymous users can safely access desktop sessions and browse the internet. If you have the
xguest package installed, it Just Works, as people are starting to notice.
I've been shortlisted on the same topic at the revamped FOSS.IN a few weeks later. There's also been some discussion of a kernel development workout session, in which I'd love to participate, although it's not yet short-listed. There's also the FUDCon attached to FOSS.IN. We're hoping to have a Fedora box there running Kiosk Mode for people to play with.
Tags: bangalore, developers, events, fedora, foss.in, foss.my, fudcon, india, kuala lumpur, kvm, linux, mac, malaysia, security, selinux, svirt, virtualization
Linux Plumbers Conference|
I'll be attending the Linux Plumbers Conference in Portland OR a few weeks from now. It seems like a really useful event for developers, and even a little unusual in that Linus will be giving a git tutorial.
If there's anyone attending who'd like to meet up & discuss SELinux, especially distro integration issues and similar, let me know. Kees Cook from the Ubuntu project will be there, so if we have enough people, it might also be worth organizing a BoF session (it seems there are currently slots available).
Similarly, if anyone is interested in discussing the integration of MAC security with KVM (i.e. sVirt -- a project I'll discuss in more detail soon), also let me know.
Tags: events, genitive case, git, kernel, kvm, linus, linux, linux plumbers conference, portland, security, selinux, svirt, virtualization