This patch changes the way of how the client-selected sub directory is
communicated to the server. The former opaque session argument is now
passed as last label element, which allows for the flexible tweaking
of this argument by init's session-routing and label-rewriting
mechansims. In particular, it alleviates the need for creating chroot
component instances.
This change requires the following four adaptations at the
configuration level:
- Each file-system session request must now carry a path starting
with / as last session arguments. Hence, <vfs> <fs> nodes that
feature a 'label' attributes must extend the attribute value
with " -> /". For <fs> nodes with no label attribute, "/" is
used as last label argument by default.
- For matching session-routing rules at init's configuration,
the matching of full labels should be replaced by 'label_prefix'
matches, excluding the last (path) argument.
- Wherever a label of a file-system session is rewritten by using
init's 'label' attribute of a <parent> or <child> target node,
the new attribute 'identity' should be used instead. This replaces
the identity part of the label while preserving the client's
directory argument.
- Analogously to the matching of session-routing rules, server-side
policy-selection rules that formerly matched a concrete 'label'
must be changed to match a 'label_prefix' instead.
As a good practice, 'label_prefix' values should end with " ->" if
possible, which clearly delimits the identity part of the label
used by the matching.
Issue #5445
The version in ui_report and ui_config were merely used for making test output
more readable. However, there are other ways to achieve this goal.
Ref #5190
* adds rekeying and resizing controls to config+report api of file vault
* moves common types of file vault to file_vault/include/file_vault/types.h
to be included by other components
* fixes wrong type of nr_of_clients fields in file_vault
* introduces the file_vault_gui component that is a minimal graphical front end
for the file vault based on the dialog lib and that uses the
config+report api of the file vault as back end
Ref #5190
The nightly Qemu tests that don't use KVM require more time for completing the
unlock-and-access phase of the test. If the lock phase starts to early, the
file access is interrupted and the output isn't as expected.
Furthermore, on FOC, the cap quota was insufficient.
Ref #5148
On some platforms like qemu/x86_64/sel4, accessing the file system is so
slow that it used to hit the timeout of this phase in the run script.
Ref #5148
The script tests the use of an encrypted file system that is created and
provided via the File Vault.
Furthermore the script can be used for test-driving existing File-Vault
containers (created with potentially older File-Vault versions) under the
current File-Vault version. This is done via the "LX_FS_DIR_TEMPLATE"
env variable.
Ref #5062
