Re: [libvirt] Libvirt and IPSec
- From: Michal Novotny <minovotn redhat com>
- To: Paolo Smiraglia <paolo smiraglia polito it>
- Cc: libvir-list redhat com
- Subject: Re: [libvirt] Libvirt and IPSec
- Date: Mon, 02 May 2011 15:27:29 +0200
On 05/02/2011 03:12 PM, Paolo Smiraglia wrote:
> Hi Michal!
>
> To reduce the implementation time and verify quickly if our project
> is feasible, we decided to implement the prototype by using the simplest
> user-space applications (VTun, Open vSwitch).
>
> To increase the security, we would like to move all security
> components into kernel space. We want to migrate from user to kernel
> space not by defining new kernel modules or by modifying the existing
> ones, but by using already defined applications that perform our
> security requirements in kernel space.
>
> For instance, we have defined an application which filters all received
> packets (by analyzing the VLAN tags) before they are received by
> the switch. We think that the filtering may be executed by using the
> SELinux labels. About tunneling, we want to remove VTun from our
> framework and set up the 'gretap' interfaces directly.
>
> Any other questions are welcome!
>
> Paolo
>
>
Hi Paolo,
thanks for your quick reply. Maybe I can see the point now. If you would
like to implement it using the already defined application that performs
the security requirements in kernel space, I guess the application
is in the form of a kernel module or directly implemented in the kernel,
so you need to check whether the required feature is present/module
loaded to allow the functionality. Is this your aim?
Michal
--
Michal Novotny <minovotn redhat com>, RHCE
Virtualization Team (xen userspace), Red Hat