vsys provides a safe mechanism for non-privileged users to execute privileged commands.
This facility is especially important in virtualized environments, in which
users are not only restricted but also isolated. The mechanism is safe, as (i)
the commands available to a user (or virtual guest) are a predetermined set of
executable files, which can control the extent of access that the slice has to
the foreign context at a very fine grain and (ii) the authentication mechanism
of vsys relies on file-system isolation and does not require any explicit
negotiation when privileged services are invoked. vsys services are executable
files placed in a specific directory in the serving context. Slices that
subscribe to these services are populated with a pair of fifo pipes for each
available service. These pipes respectively become the input and output
channels to communicate with the service.
For example, a script that would let a user fetch the list of slices from its
home site would look like this:
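#!/usr/bin/perl
use strict;
use warnings;

# Get the slice name ($ARGV[0])
my $slice_name = $ARGV[0];
# The site prefix is everything before the last underscore
$slice_name =~ m/(.*)_(.*)/ or die "unexpected slice name\n";
my $slice_site = $1;

# Print the passwd entries that mention this site
open(PWD, "<", "/etc/passwd") or die "cannot open /etc/passwd: $!\n";
while (<PWD>) {
    # \Q...\E makes the site name match literally, not as a regex
    if (/\Q$slice_site\E/) {
        print $_;
    }
}
close PWD;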
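Because a script like this runs in the privileged context, how narrowly it matches decides what a slice can read. The Python example below is added here and is not part of vsys or of the original page; it assumes slice names have the form <site>_<name> with no underscore in the site part, and its function names and sample passwd lines are constructed. It compares matching the site string anywhere in a passwd line with matching only the login field.

```python
import re
import sys

# Assumed slice-name format (not stated on the page): "<site>_<name>",
# where the site prefix itself contains no underscore.
SLICE_RE = re.compile(r"([a-z0-9]{1,32})_([a-z0-9_]{1,64})")

def site_of(slice_name):
    """Return the site prefix, or None when the name is malformed."""
    m = SLICE_RE.fullmatch(slice_name or "")
    return m.group(1) if m else None

def site_slices(slice_name, passwd_lines):
    """Strict rule: entries whose login field starts with '<site>_'."""
    site = site_of(slice_name)
    if site is None:
        return []  # fail closed: print nothing for a malformed caller name
    prefix = site + "_"
    return [line.rstrip("\n") for line in passwd_lines
            if line.split(":", 1)[0].startswith(prefix)]

def anywhere_match(slice_name, passwd_lines):
    """Loose rule, for comparison: site string anywhere in the line."""
    site = slice_name.rsplit("_", 1)[0]  # text before the last underscore
    return [line.rstrip("\n") for line in passwd_lines if site in line]

# Constructed sample data, not taken from a real node.
SAMPLE_PASSWD = [
    "root:x:0:0:root:/root:/bin/bash\n",
    "bin:x:1:1:bin:/bin:/sbin/nologin\n",
    "alpha_web:x:501:501::/home/alpha_web:/bin/bash\n",
    "alpha_dns:x:502:502::/home/alpha_dns:/bin/bash\n",
    "beta_crawl:x:503:503::/home/beta_crawl:/bin/bash\n",
]

if __name__ == "__main__":
    # Perl's $ARGV[0] is sys.argv[1] here.
    caller = sys.argv[1] if len(sys.argv) > 1 else ""
    with open("/etc/passwd") as fh:
        for entry in site_slices(caller, fh):
            print(entry)
```

With the sample data, a caller named bin_x gets every line under the loose rule (each contains "bin" in a shell or home path) and none under the strict one.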
vsys-0.8 Many bug fixes.
vsys-0.6 Fixed a build issue.
vsys-0.5 vsyssh A program that lets slices use native UNIX tools, e.g. tail, cat, grep, etc., with vsys scripts.