vsys provides a safe mechanism for non-privileged users to execute privileged commands.
This facility is especially important in virtualized environments, in which
users are not only restricted but also isolated. The mechanism is safe because (i)
the commands available to a user (or virtual guest) are a predetermined set of
executable files, which can control the extent of access that the slice has to
the foreign context at a very fine grain, and (ii) the authentication mechanism
of vsys relies on file-system or Unix-permission-based isolation and does not require any explicit
negotiation when privileged services are invoked. vsys services are executable
files placed in a specific directory in the serving context. Slices that
subscribe to these services are populated with a pair of FIFO pipes (or a Unix
domain socket) for each available service. These pipes or sockets become the
input and output channels for communicating with the service.
For example, a script that would let a user fetch the list of slices from its
home site would look like this:
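#!/usr/bin/perl
use strict;
use warnings;
# Get the slice name ($ARGV[0])
my $slice_name = $ARGV[0];
# The site is the part of the slice name before the underscore
$slice_name =~ m/(.*)_(.*)/ or die "unexpected slice name\n";
my $slice_site = $1;
open(my $pwd, '<', '/etc/passwd') or die "cannot open /etc/passwd: $!\n";
# Print every passwd entry that mentions the site
while (<$pwd>) {
    # \Q...\E makes the site name match literally, not as a regex
    if (/\Q$slice_site\E/) {
        print $_;
    }
}
close $pwd;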
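The channel model described above, as an added example that is not vsys code: the privileged side serves one request over a FIFO pair and takes the caller's identity from the directory holding the pipes, so nothing the caller writes can change it. The directory layout, the FIFO names and the whoami service are assumptions made for the demo.

```sh
#!/bin/sh
# Added illustration of the vsys channel model. The directory layout, FIFO
# names and the "whoami" service are assumptions made for this demo.

# Privileged side: serve one request for one slice. The slice name is taken
# from the directory that holds the FIFOs, never from the request itself.
serve_once() {
    slice_name=$(basename "$1")
    # Run through sh so the demo also works on a noexec temp directory.
    sh "$2" "$slice_name" < "$1/whoami.in" > "$1/whoami.out"
}

# Slice side: write a request to the input FIFO, then read the reply.
call_service() {
    printf '%s\n' "$2" > "$1/whoami.in"
    cat "$1/whoami.out"
}

# Build a throwaway backend and one slice directory, then make one call.
# $1 = slice name, $2 = request text sent by the slice.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/backend" "$root/slices/$1"
    # Stand-in for a service installed by the administrator: a fixed file
    # that the slice can trigger but cannot replace or choose.
    cat > "$root/backend/whoami" <<'EOF'
#!/bin/sh
read -r request
echo "caller=$1 request=$request"
EOF
    # The FIFO pair exists only inside this slice's directory; reaching it
    # at all is what identifies the caller.
    mkfifo -m 600 "$root/slices/$1/whoami.in" "$root/slices/$1/whoami.out"
    serve_once "$root/slices/$1" "$root/backend/whoami" &
    call_service "$root/slices/$1" "$2"
    wait
    rm -rf "$root"
}

# Constructed call: the request text claims to come from another slice.
demo princeton_demo "I am mit_other"
```

The reply names princeton_demo even though the request text claims to be a different slice.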
Documentation
This documentation is about 3 years old. It will be updated soon. In the meantime, please
get in touch with me (sapanb à cs princeton edu) if you want to get started using this tool.
Documentation on using vsys and privilege allocation using vsys.
Vsys documentation (html)
Vsys documentation (pdf)
Versions
vsys-1.0 Minor tweaks and optimizations. Much testing for stability.
vsys-0.8 Many bug fixes.
vsys-0.6 Fixed a build issue.
vsys-0.5
vsyssh A program that lets slices use native UNIX tools, e.g. tail, cat, grep etc., with vsys scripts.