<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div><div class="h5"><br>
><br>
> On Tue, Aug 16, 2011 at 6:46 PM, Igor Stasenko <<a href="mailto:siguctua@gmail.com">siguctua@gmail.com</a>> wrote:<br>
>><br>
>> On 16 August 2011 16:42, laurent laffont <<a href="mailto:laurent.laffont@gmail.com">laurent.laffont@gmail.com</a>> wrote:<br>
>> ><br>
>> > Hi,<br>
>> ><br>
>> > for SmallHarbour I've cloned cogvm/blessed and then add security patches from SeasideHosting. See<br>
>> > - <a href="https://gitorious.org/~laurentlaffont/cogvm/smallharbour" target="_blank">https://gitorious.org/~laurentlaffont/cogvm/smallharbour</a><br>
>> > - <a href="https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3" target="_blank">https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3</a><br>
>> ><br>
>> > What's the best way to stay synchronized with cogvm/blessed commits ?<br>
>><br>
>> Fist you need to add blessed as remote repository:<br>
>><br>
>> git remote add blessed git://<a href="http://gitorious.org/cogvm/blessed.git" target="_blank">gitorious.org/cogvm/blessed.git</a><br>
>><br>
>> Then you can simply pull changes to your branch:<br>
>><br>
>> git pull blessed<br>
>><br>
>> and it will merge changes automatically. (of course if there's no conflicts).<br>
>><br>
>> And then<br>
>><br>
>> git push<br>
>><br>
>> to push updates to your own repository.<br>
>><br>
>> > Is it interesting to adapt this patch for integration in cogvm/blessed ?<br>
>><br>
>> Absolutely. All contributions is welcome :)<br>
>><br>
>> > Is this patch good ?<br>
>> ><br>
>><br>
>> I am a bit out of context. Where i can read a description of what you did?<br>
><br>
><br>
><br>
> First the changes are quite small, originally made by Nestyle (I suppose) for SesideHosting.<br>
> This introduce the use of environment variables to restrict filesystem and port access. For example we don't want the hosted image to be able to access /etc/passwd or another account files. We don't want that 2 images use the same port.<br>
> So this patch read these environment variables:<br>
> export SQUEAK_PORT_LO=16400<br>
> export SQUEAK_PORT_HI=16407<br>
> export SQUEAK_ROOT_DIR="/service/myaccount/files"<br>
><br>
> so only port between 16400 and 16407 can be opened, only /service/myaccount/files can be read/written.<br>
> Note that in the patch port 25 (SMTP) is always accessible.<br>
> This is very specific to SeasideHosting/SmallHarbour, so I don't think the patch should be apply as it is now in cogvm/blessed, but having such functionalities in the VM would be nice IMO.<br>
><br>
> The commit is here - quite easy to read: <a href="https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3" target="_blank">https://gitorious.org/~laurentlaffont/cogvm/smallharbour/commit/7f45e401f8c805021e3ef06e110e3f079fe6ecc3</a><br>
> Laurent.<br>
><br>
<br>
</div></div>Wait. First you asking if those can be integrated, and then you saying<br>
that its too specific..<br>
Do you mean that we should discuss/think about integrating a more<br>
general form of this functionality?<br></blockquote><div><br></div><div><br></div><div>Yes. Sorry for confusion :)</div><div><br></div><div>Laurent.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im"><br>
><br>
>><br>
>> > Laurent Laffont - @lolgzs<br>
>> ><br>
>> > Pharo Smalltalk Screencasts: <a href="http://www.pharocasts.com/" target="_blank">http://www.pharocasts.com/</a><br>
>> > Blog: <a href="http://magaloma.blogspot.com/" target="_blank">http://magaloma.blogspot.com/</a><br>
>> > Developer group: <a href="http://cara74.seasidehosting.st" target="_blank">http://cara74.seasidehosting.st</a><br>
>> ><br>
>> ><br>
>><br>
>><br>
>><br>
>> --<br>
>> Best regards,<br>
>> Igor Stasenko AKA sig.<br>
><br>
><br>
><br>
<br>
<br>
<br>
</div>--<br>
<div><div></div><div class="h5">Best regards,<br>
Igor Stasenko AKA sig.<br>
</div></div></blockquote></div><br>