[Vm-dev] gitorious / smallharbour question
laurent laffont
laurent.laffont at gmail.com
Tue Aug 16 19:02:12 UTC 2011
>
>
> >
> > On Tue, Aug 16, 2011 at 6:46 PM, Igor Stasenko <siguctua at gmail.com>
> wrote:
> >>
> >> On 16 August 2011 16:42, laurent laffont <laurent.laffont at gmail.com>
> wrote:
> >> >
> >> > Hi,
> >> >
> >> > for SmallHarbour I've cloned cogvm/blessed and then add security
> patches from SeasideHosting. See
> >> > - https://gitorious.org/~laurentlaffont/cogvm/smallharbour
> >> > -
> https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3
> >> >
> >> > What's the best way to stay synchronized with cogvm/blessed commits ?
> >>
> >> Fist you need to add blessed as remote repository:
> >>
> >> git remote add blessed git://gitorious.org/cogvm/blessed.git
> >>
> >> Then you can simply pull changes to your branch:
> >>
> >> git pull blessed
> >>
> >> and it will merge changes automatically. (of course if there's no
> conflicts).
> >>
> >> And then
> >>
> >> git push
> >>
> >> to push updates to your own repository.
> >>
> >> > Is it interesting to adapt this patch for integration in cogvm/blessed
> ?
> >>
> >> Absolutely. All contributions is welcome :)
> >>
> >> > Is this patch good ?
> >> >
> >>
> >> I am a bit out of context. Where i can read a description of what you
> did?
> >
> >
> >
> > First the changes are quite small, originally made by Nestyle (I suppose)
> for SesideHosting.
> > This introduce the use of environment variables to restrict filesystem
> and port access. For example we don't want the hosted image to be able to
> access /etc/passwd or another account files. We don't want that 2 images use
> the same port.
> > So this patch read these environment variables:
> > export SQUEAK_PORT_LO=16400
> > export SQUEAK_PORT_HI=16407
> > export SQUEAK_ROOT_DIR="/service/myaccount/files"
> >
> > so only port between 16400 and 16407 can be opened, only
> /service/myaccount/files can be read/written.
> > Note that in the patch port 25 (SMTP) is always accessible.
> > This is very specific to SeasideHosting/SmallHarbour, so I don't think
> the patch should be apply as it is now in cogvm/blessed, but having such
> functionalities in the VM would be nice IMO.
> >
> > The commit is here - quite easy to read:
> https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3
> > Laurent.
> >
>
> Wait. First you asking if those can be integrated, and then you saying
> that its too specific..
> Do you mean that we should discuss/think about integrating a more
> general form of this functionality?
>
Yes. Sorry for confusion :)
Laurent.
>
> >
> >>
> >> > Laurent Laffont - @lolgzs
> >> >
> >> > Pharo Smalltalk Screencasts: http://www.pharocasts.com/
> >> > Blog: http://magaloma.blogspot.com/
> >> > Developer group: http://cara74.seasidehosting.st
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Best regards,
> >> Igor Stasenko AKA sig.
> >
> >
> >
>
>
>
> --
> Best regards,
> Igor Stasenko AKA sig.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/vm-dev/attachments/20110816/1b16ed7d/attachment.htm
More information about the Vm-dev
mailing list