One of the specs for the laptop that's mentioned in BitFrost is that we're planning on using a unioned (Copy-on-Write (COW)) file system (likely AUFS) to produce a number of security effects (e.g. the core system software is on a r/o plane, with any changes happening only in a r/w plane above that software (and only by software that has explicitly been granted the right to write onto the system-area planes)).
Anyway, wrote up some thoughts on how to use AUFS across the project this morning and posted them to the security list. Just a straw-man to hopefully get discussion going.
I would like a system similar to that I described (modulo that I don't actually like the idea of having to explicitly grant access to individual files (I'd prefer to be able to grant access at the directory/project level), but that's something required by BitFrost).
Pingbacks are closed.