Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to build read-only version of httpserver-api module for monitoring purposes #820

Closed
wkozaczuk opened this issue Dec 19, 2016 · 2 comments
Closed

Add ability to build read-only version of httpserver-api module for monitoring purposes #820

wkozaczuk opened this issue Dec 19, 2016 · 2 comments
Labels
patch submitted

Comments

@wkozaczuk
Copy link
Collaborator

Currently OSv REST apis provided by httpserver module can be used in all or nothing mode only.

It would be nice for security reasons to limit API to read-only subset (GETs) so that no state modification is possible. In general it should be possible to somehow customize set of available API. Also it would be nice to restrict what part of filesystem file API could access.

One way (static option) to accomplish this could done by enriching httpserver API code with preprocessor #if defined(OS_REBOOT_API_ENABLED) type of expressions. Another way (dynamic option) would be to use some kind of API configuration file specifying what APIs are enabled.
nyh added a commit that referenced this issue Dec 25, 2016
@nyh
build: strip binaries in bootfs as well
c2a67b8 
Before this patch, mkbootfs.py, unlike upload_manifest.py, did not do
stripping. This was leading to unnecessary inflating of the bootfs.
With this patch, shared objects copied to the bootfs are also stripped.

As an example, the image created by "scripts/build image=httpserver"
goes down from 17 MB to 16 MB.

Fixes #667.
Refs #820.

Signed-off-by: Yuri Volchkov <[email protected]>
Signed-off-by: Nadav Har'El <[email protected]>
@nyh
Copy link
Contributor

nyh commented Dec 25, 2016

So, after commit 92c1d82 and commit c2a67b8 the size of the image created by "scripts/build image=httpserver" went down from 25 MB to 16 MB. The libhttpserver.so itself is just 1 MB of this size.

So if you still want to modularize the REST apis for security or something, you can keep this issue open. But if it's only the size which bothered you, I think we can close this issue.

@wkozaczuk
Copy link
Collaborator Author

Very glad to hear about the size. But my main motivation here is security. And I and am leaning toward the preprocessor-#if-type-of-solution as it seems simpler to implement and more in spirit of unikernels (only what you need). But I am interested in opinion of others.
Please keep it open.

myechuri pushed a commit to myechuri/osv that referenced this issue Jun 22, 2017
@nyh @myechuri
build: strip binaries in bootfs as well
896a891 
Before this patch, mkbootfs.py, unlike upload_manifest.py, did not do
stripping. This was leading to unnecessary inflating of the bootfs.
With this patch, shared objects copied to the bootfs are also stripped.

As an example, the image created by "scripts/build image=httpserver"
goes down from 17 MB to 16 MB.

Fixes cloudius-systems#667.
Refs cloudius-systems#820.

Signed-off-by: Yuri Volchkov <[email protected]>
Signed-off-by: Nadav Har'El <[email protected]>
@wkozaczuk wkozaczuk changed the title Modularize REST apis Add ability to build read-only version of httpserver-api module Jun 24, 2018
@wkozaczuk wkozaczuk changed the title Add ability to build read-only version of httpserver-api module Add ability to build read-only version of httpserver-api module for monitoring purposes May 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
patch submitted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nyh @wkozaczuk