[Vm-dev] gitorious / smallharbour question

Igor Stasenko siguctua at gmail.com
Tue Aug 16 18:58:03 UTC 2011 

On 16 August 2011 20:50, laurent laffont <laurent.laffont at gmail.com> wrote:
>
>
> Laurent Laffont - @lolgzs
>
> Pharo Smalltalk Screencasts: http://www.pharocasts.com/
> Blog: http://magaloma.blogspot.com/
> Developer group: http://cara74.seasidehosting.st
>
>
> On Tue, Aug 16, 2011 at 6:46 PM, Igor Stasenko <siguctua at gmail.com> wrote:
>>
>> On 16 August 2011 16:42, laurent laffont <laurent.laffont at gmail.com> wrote:
>> >
>> > Hi,
>> >
>> > for SmallHarbour I've cloned cogvm/blessed and then add security patches from SeasideHosting. See
>> > - https://gitorious.org/~laurentlaffont/cogvm/smallharbour
>> > - https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3
>> >
>> > What's the best way to stay synchronized with cogvm/blessed commits ?
>>
>> Fist you need to add blessed as remote repository:
>>
>> git remote add blessed git://gitorious.org/cogvm/blessed.git
>>
>> Then you can simply pull changes to your branch:
>>
>> git pull blessed
>>
>> and it will merge changes automatically. (of course if there's no conflicts).
>>
>> And then
>>
>> git push
>>
>> to push updates to your own repository.
>>
>> > Is it interesting to adapt this patch for integration in cogvm/blessed ?
>>
>> Absolutely. All contributions is welcome :)
>>
>> > Is this patch good ?
>> >
>>
>> I am a bit out of context. Where i can read a description of what you did?
>
>
>
> First the changes are quite small, originally made by Nestyle (I suppose) for SesideHosting.
> This introduce the use of environment variables to restrict filesystem and port access. For example we don't want the hosted image to be able to access /etc/passwd or another account files. We don't want that 2 images use the same port.
> So this patch read these environment variables:
> export SQUEAK_PORT_LO=16400
> export SQUEAK_PORT_HI=16407
> export SQUEAK_ROOT_DIR="/service/myaccount/files"
>
> so only port between 16400 and 16407 can be opened, only /service/myaccount/files can be read/written.
> Note that in the patch port 25 (SMTP) is always accessible.
> This is very specific to SeasideHosting/SmallHarbour, so I don't think the patch should be apply as it is now in cogvm/blessed, but having such functionalities in the VM would be nice IMO.
>
> The commit is here - quite easy to read: https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3
> Laurent.
>

Wait. First you asking if those can be integrated, and then you saying
that its too specific..
Do you mean that we should discuss/think about integrating a more
general form of this functionality?

>
>>
>> > Laurent Laffont - @lolgzs
>> >
>> > Pharo Smalltalk Screencasts: http://www.pharocasts.com/
>> > Blog: http://magaloma.blogspot.com/
>> > Developer group: http://cara74.seasidehosting.st
>> >
>> >
>>
>>
>>
>> --
>> Best regards,
>> Igor Stasenko AKA sig.
>
>
>



-- 
Best regards,
Igor Stasenko AKA sig.

More information about the Vm-dev mailing list