pibara / mfmf Goto Github PK

Provide an base AppArmor module profile with example profile for an example actor. A worker should only be able to access its own .ctl, not that of other actors. It should have full access to sparse-cap controlled MattockFS subdirs as well as to the carvpath subsystem and some special inf and ctl files. Further, a worker should have limited access to the /proc virtual file-system that could potentially allow
it to steal capabilities from its worker peers or possibly even from other actors. A proper AppArmor profile for a module should allow that module access to everything it needs while maintaining proper privilege separation and elevating the sparse-cap based access control to the level of true capability based security.

Module for walking a regular file-system using python tsk library.

The current throttler is a NULL throttler and as such a poor example. Do at least SOME basic throttling to show what being a throttler is all about.

Use mime-type to determine tool-chain. pass along remaining tool-chain as router state. New mime-type should take precedence over remaining old tool-chain.

While AppArmor should take care of most of the file-system based concerns that MattockFS can not address on its own, there is still the threat of access to networking from potentially vulnerable workers.
IPTABLES allows for uid based firewall rules that could enhance the privsep for MattockFS beyond being purely file-system focused. For example disalowing networj access to the redis servers used by MattockFS for longpath storage, to a database server used by some specific data storage module, or to an indexing server used by some text indexing module. We should provide a simple set if IPTABES rules to demonstrate how uid and possibly gid based firewall rules can contribute to stricter privsep.

A set of simple kickstart modules that use MattockFS its /etc snapshotting facility for passing around rule-list to the next module.