Fwd: Re: makedumpfile security key enhancement using SIAL

Aravinda Prasad aravinda at linux.vnet.ibm.com
Tue Apr 3 07:33:32 EDT 2012 

Hello Kumagai-san,

On Friday 30 March 2012 08:32 AM, Atsushi Kumagai wrote:
> Hello Aravinda,
>
> On Thu, 22 Mar 2012 22:56:30 +0530
> Aravinda Prasad<aravinda at linux.vnet.ibm.com>  wrote:
>
>> On Wednesday 21 March 2012 12:13 PM, Atsushi Kumagai wrote:
>>> Hello Aravinda,
>>>
>>> I have two questions, could you answer me ?
>>>
>>> First, what problems do you have about the current format of makedumpfile.conf ?
>>
>> Even though makedumpfile.conf is capable of filtering out data from the
>> vmocore, it is not possible to specify and erase complex
>> data-structures. For example it is not possible to traverse a nested
>> list or a tree and then erase a particular node based on some
>> conditions. Extending makedumpfile.conf to support these would require
>> implementing a lot of language constructs. But we can reuse SIAL
>> instead of extending makedumpfile.conf.
>>
>>> Second, what benefits do you expect from using SIAL ? I can't imagine
>>> specific benefits with using SIAL now.
>>
>> SIAL can be used as a language construct to specify rules/commands to
>> erase data in the image file. The makedumpfile would interpret the
>> rules/commands provided by SIAL macros with the help of SIAL library
>> and would suitably erase the required data in the dump file. As SIAL
>> provides a lot of language constructs like conditional statements,
>> logical and arithmetic operators, nested loops, functions etc, it would
>> be possible to traverse nested lists and trees and conditionally erase
>> data in the dump file, enabling users to literally erase any data in
>> the dump file.
>
> Thank you for your explanation.
> It seems good to specify rules with SIAL.
>
> If makedumpfile uses SIAL library, I will discard the current format of
> makedumpfile.conf to reduce the size of source code.
> What do you think about it ?
>

I will come up with a prototype for integrating SIAL with makedumpfile
and then we can discuss whether to discard the existing
makedumpfile.conf format or not. Because the planned makedumpfile
enhancement with SIAL could use some infrastructure provided by
existing implementation like code to erase data in dump file and also
the makedumpfile.conf file can be used to specify SIAL macros.

Regards,
Aravinda

>
> Thanks
> Atsushi Kumagai
>

More information about the kexec mailing list