From rrprabhu at gmail.com Tue Feb 17 07:47:03 2009 From: rrprabhu at gmail.com (Raghavendra Prabhu) Date: Tue, 17 Feb 2009 00:47:03 -0600 Subject: [Devel] Application server question Message-ID: I did see that the source code is 12 MB. Why is the applicaiion server that is downloaded from 493 MB from the OVD ubuntu apt list. What is the reason why you are not able to use the native system and the package is so big. Is the entire base-polaris-latest.tar.gz deflated? Why is this so and what application does it include Prabhu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ulteo.com/pipermail/devel/attachments/20090217/d5fa9f7b/attachment.htm From gauvain at ulteo.com Tue Feb 17 08:16:08 2009 From: gauvain at ulteo.com (Gauvain Pocentek) Date: Tue, 17 Feb 2009 08:16:08 +0100 Subject: [Devel] Application server question In-Reply-To: References: Message-ID: <499A6438.4010403@ulteo.com> Hi, Raghavendra Prabhu wrote: > I did see that the source code is 12 MB. > > Why is the applicaiion server that is downloaded from 493 MB from the > OVD ubuntu apt list. What is the reason why you are not able to use the > native system and the package is so big. It's not a matter of being able to, it's a matter of choice. The tgz is uncompressed during installation, to provide an ulteo based chroot. The users sessions are run inside this chroot. This allows to clearly separate the OVD services and the desktop system the user will see. Using chroots to provide services is very common in the server world (ftp servers often use this technic), the first reason I see being the security. If the chroot gets compromised, this won't affect the host system. It's also a way to provide a single base system that can be installed on any modern linux distribution (debian, ubuntu, redhat...). So you can install the host of your choice, this won't affect the chroot and the way it is used in the OVD farm. > > Is the entire base-polaris-latest.tar.gz deflated? Why is this so and > what application does it include It's a linux OS, including standard tools, the ulteo desktop, openoffice, firefox... Regards, Gauvain Pocentek From rouzaud.jonathan at gmail.com Tue Feb 17 09:23:39 2009 From: rouzaud.jonathan at gmail.com (Jonathan Rouzaud-Cornabas) Date: Tue, 17 Feb 2009 09:23:39 +0100 Subject: [Devel] Application server question In-Reply-To: <499A6438.4010403@ulteo.com> References: <499A6438.4010403@ulteo.com> Message-ID: <8df962a0902170023v164e77a0h40083c4046587364@mail.gmail.com> The argument of easy installs is true but the one for security is false. chroot is not a security facility ! It is pretty easy to evade a chroot unless you used PaX (and it is not enough) but it's still not a security system. On Tue, Feb 17, 2009 at 8:16 AM, Gauvain Pocentek wrote: > Hi, > > Raghavendra Prabhu wrote: > > I did see that the source code is 12 MB. > > > > Why is the applicaiion server that is downloaded from 493 MB from the > > OVD ubuntu apt list. What is the reason why you are not able to use the > > native system and the package is so big. > > It's not a matter of being able to, it's a matter of choice. The tgz is > uncompressed during installation, to provide an ulteo based chroot. The > users > sessions are run inside this chroot. This allows to clearly separate the > OVD > services and the desktop system the user will see. > Using chroots to provide services is very common in the server world (ftp > servers often use this technic), the first reason I see being the security. > If > the chroot gets compromised, this won't affect the host system. > It's also a way to provide a single base system that can be installed on > any > modern linux distribution (debian, ubuntu, redhat...). So you can install > the > host of your choice, this won't affect the chroot and the way it is used in > the > OVD farm. > > > > > Is the entire base-polaris-latest.tar.gz deflated? Why is this so and > > what application does it include > > It's a linux OS, including standard tools, the ulteo desktop, openoffice, > firefox... > > Regards, > Gauvain Pocentek > _______________________________________________ > Devel mailing list > Devel at ulteo.com > http://mailman.ulteo.com/cgi-bin/listinfo/devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ulteo.com/pipermail/devel/attachments/20090217/e7cf16ef/attachment.htm From gauvain at ulteo.com Tue Feb 17 09:30:17 2009 From: gauvain at ulteo.com (Gauvain Pocentek) Date: Tue, 17 Feb 2009 09:30:17 +0100 Subject: [Devel] Application server question In-Reply-To: <8df962a0902170023v164e77a0h40083c4046587364@mail.gmail.com> References: <499A6438.4010403@ulteo.com> <8df962a0902170023v164e77a0h40083c4046587364@mail.gmail.com> Message-ID: <499A7599.2040204@ulteo.com> Jonathan Rouzaud-Cornabas wrote: > The argument of easy installs is true but the one for security is false. > > chroot is not a security facility ! It is pretty easy to evade a chroot > unless you used PaX (and it is not enough) but it's still not a security > system. True, but having a chroot helps. > > On Tue, Feb 17, 2009 at 8:16 AM, Gauvain Pocentek > wrote: > > Hi, > > Raghavendra Prabhu wrote: > > I did see that the source code is 12 MB. > > > > Why is the applicaiion server that is downloaded from 493 MB from the > > OVD ubuntu apt list. What is the reason why you are not able to > use the > > native system and the package is so big. > > It's not a matter of being able to, it's a matter of choice. The tgz is > uncompressed during installation, to provide an ulteo based chroot. > The users > sessions are run inside this chroot. This allows to clearly separate > the OVD > services and the desktop system the user will see. > Using chroots to provide services is very common in the server world > (ftp > servers often use this technic), the first reason I see being the > security. If > the chroot gets compromised, this won't affect the host system. > It's also a way to provide a single base system that can be > installed on any > modern linux distribution (debian, ubuntu, redhat...). So you can > install the > host of your choice, this won't affect the chroot and the way it is > used in the > OVD farm. > > > > > Is the entire base-polaris-latest.tar.gz deflated? Why is this so and > > what application does it include > > It's a linux OS, including standard tools, the ulteo desktop, > openoffice, firefox... > > Regards, > Gauvain Pocentek > _______________________________________________ > Devel mailing list > Devel at ulteo.com > http://mailman.ulteo.com/cgi-bin/listinfo/devel > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Devel mailing list > Devel at ulteo.com > http://mailman.ulteo.com/cgi-bin/listinfo/devel From gduval at ulteo.com Tue Feb 17 10:47:46 2009 From: gduval at ulteo.com (=?ISO-8859-1?Q?Ga=EBl_Duval?=) Date: Tue, 17 Feb 2009 10:47:46 +0100 Subject: [Devel] Application server question In-Reply-To: <8df962a0902170023v164e77a0h40083c4046587364@mail.gmail.com> References: <499A6438.4010403@ulteo.com> <8df962a0902170023v164e77a0h40083c4046587364@mail.gmail.com> Message-ID: <499A87C2.5040806@ulteo.com> Hi Jonathan, Raghavendra, as Gauvain said, the first benefit of the debian-based chroot is making the system easier to maintain and upgrade, and also to have it run on various plateforms without modifying the host system. For instance, the OVD ApS server can be installed on a RHEL or a CentOS host, making a full debian system run in parallel of the host OS. This would be much more difficult to handle without using the chroot facility. Security is a different matter, but using a chroot helps for security. It's not a perfect security feature, of course, as perfect security doesn't even exist, but it helps by adding a level of difficulty. Yes it's possible to escape a chroot, but it's not that easy, especially when you can hardly run shell commands nor run an executable script that you would place on your home directory. Last but not the least, you may have noticed that we are shipping a RSBAC-enabled kernel and OVD-related security rules that can be used to jail processes for each user. That's still a higher level of security and if we're requested to do so we can still go higher with RSBAC. Gauvain will love it :) Regards Ga?l. Jonathan Rouzaud-Cornabas a ?crit : > The argument of easy installs is true but the one for security is false. > > chroot is not a security facility ! It is pretty easy to evade a chroot > unless you used PaX (and it is not enough) but it's still not a security > system. > > On Tue, Feb 17, 2009 at 8:16 AM, Gauvain Pocentek > wrote: > > Hi, > > Raghavendra Prabhu wrote: > > I did see that the source code is 12 MB. > > > > Why is the applicaiion server that is downloaded from 493 MB from the > > OVD ubuntu apt list. What is the reason why you are not able to > use the > > native system and the package is so big. > > It's not a matter of being able to, it's a matter of choice. The tgz is > uncompressed during installation, to provide an ulteo based chroot. > The users > sessions are run inside this chroot. This allows to clearly separate > the OVD > services and the desktop system the user will see. > Using chroots to provide services is very common in the server world > (ftp > servers often use this technic), the first reason I see being the > security. If > the chroot gets compromised, this won't affect the host system. > It's also a way to provide a single base system that can be > installed on any > modern linux distribution (debian, ubuntu, redhat...). So you can > install the > host of your choice, this won't affect the chroot and the way it is > used in the > OVD farm. > > > > > Is the entire base-polaris-latest.tar.gz deflated? Why is this so and > > what application does it include > > It's a linux OS, including standard tools, the ulteo desktop, > openoffice, firefox... > > Regards, > Gauvain Pocentek > _______________________________________________ > Devel mailing list > Devel at ulteo.com > http://mailman.ulteo.com/cgi-bin/listinfo/devel > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Devel mailing list > Devel at ulteo.com > http://mailman.ulteo.com/cgi-bin/listinfo/devel -- < Founder Ulteo - http://www.ulteo.com > < Founder Mandrake Linux - (Now "Mandriva") > < Blog: http://www.indidea.org/gael/blog/ > < Sign and encrypt emails with GPG! My key id: 0x8B0301E2 > From rrprabhu at gmail.com Wed Feb 18 01:27:20 2009 From: rrprabhu at gmail.com (Raghavendra Prabhu) Date: Tue, 17 Feb 2009 18:27:20 -0600 Subject: [Devel] Application server question In-Reply-To: <499A87C2.5040806@ulteo.com> References: <499A6438.4010403@ulteo.com> <8df962a0902170023v164e77a0h40083c4046587364@mail.gmail.com> <499A87C2.5040806@ulteo.com> Message-ID: That explains it and also the chroot-apps and util in the source code. Is there a build system for the entire build which builds the entire application? or the reason that since the core ulteo system is only the session and application server, changes can be made only to this and installed. So for any contrib purpose, you will just change the session and app server code and test it, Prabhu On Tue, Feb 17, 2009 at 3:47 AM, Ga?l Duval wrote: > Hi Jonathan, Raghavendra, > > as Gauvain said, the first benefit of the debian-based chroot is making > the system easier to maintain and upgrade, and also to have it run on > various plateforms without modifying the host system. For instance, the > OVD ApS server can be installed on a RHEL or a CentOS host, making a > full debian system run in parallel of the host OS. This would be much > more difficult to handle without using the chroot facility. > > Security is a different matter, but using a chroot helps for security. > It's not a perfect security feature, of course, as perfect security > doesn't even exist, but it helps by adding a level of difficulty. Yes > it's possible to escape a chroot, but it's not that easy, especially > when you can hardly run shell commands nor run an executable script that > you would place on your home directory. > > Last but not the least, you may have noticed that we are shipping a > RSBAC-enabled kernel and OVD-related security rules that can be used to > jail processes for each user. That's still a higher level of security > and if we're requested to do so we can still go higher with RSBAC. > Gauvain will love it :) > > Regards > > Ga?l. > > Jonathan Rouzaud-Cornabas a ?crit : > > The argument of easy installs is true but the one for security is false. > > > > chroot is not a security facility ! It is pretty easy to evade a chroot > > unless you used PaX (and it is not enough) but it's still not a security > > system. > > > > On Tue, Feb 17, 2009 at 8:16 AM, Gauvain Pocentek > > wrote: > > > > Hi, > > > > Raghavendra Prabhu wrote: > > > I did see that the source code is 12 MB. > > > > > > Why is the applicaiion server that is downloaded from 493 MB from > the > > > OVD ubuntu apt list. What is the reason why you are not able to > > use the > > > native system and the package is so big. > > > > It's not a matter of being able to, it's a matter of choice. The tgz > is > > uncompressed during installation, to provide an ulteo based chroot. > > The users > > sessions are run inside this chroot. This allows to clearly separate > > the OVD > > services and the desktop system the user will see. > > Using chroots to provide services is very common in the server world > > (ftp > > servers often use this technic), the first reason I see being the > > security. If > > the chroot gets compromised, this won't affect the host system. > > It's also a way to provide a single base system that can be > > installed on any > > modern linux distribution (debian, ubuntu, redhat...). So you can > > install the > > host of your choice, this won't affect the chroot and the way it is > > used in the > > OVD farm. > > > > > > > > Is the entire base-polaris-latest.tar.gz deflated? Why is this so > and > > > what application does it include > > > > It's a linux OS, including standard tools, the ulteo desktop, > > openoffice, firefox... > > > > Regards, > > Gauvain Pocentek > > _______________________________________________ > > Devel mailing list > > Devel at ulteo.com > > http://mailman.ulteo.com/cgi-bin/listinfo/devel > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Devel mailing list > > Devel at ulteo.com > > http://mailman.ulteo.com/cgi-bin/listinfo/devel > > > -- > < Founder Ulteo - http://www.ulteo.com > > < Founder Mandrake Linux - (Now "Mandriva") > > < Blog: http://www.indidea.org/gael/blog/ > > < Sign and encrypt emails with GPG! My key id: 0x8B0301E2 > > _______________________________________________ > Devel mailing list > Devel at ulteo.com > http://mailman.ulteo.com/cgi-bin/listinfo/devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ulteo.com/pipermail/devel/attachments/20090217/c08af416/attachment.htm From rrprabhu at gmail.com Sat Feb 21 18:43:55 2009 From: rrprabhu at gmail.com (Raghavendra Prabhu) Date: Sat, 21 Feb 2009 11:43:55 -0600 Subject: [Devel] Advanced setting Message-ID: What is the advanced Application setting? Currently the Application setting is Full Desktop What is this for? I saw that this was not configurable. Or there any other options that you can provide here. Thanks, Prabhu -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ulteo.com/pipermail/devel/attachments/20090221/16482f81/attachment.htm From gduval at ulteo.com Mon Feb 23 15:34:57 2009 From: gduval at ulteo.com (=?ISO-8859-1?Q?Ga=EBl_Duval?=) Date: Mon, 23 Feb 2009 15:34:57 +0100 Subject: [Devel] Ulteo OVD source code SVN access Message-ID: <49A2B411.3080601@ulteo.com> Hi, following recent user demand, we have opened a public SVN access for the Ulteo Open Virtual Desktop development where all our code is committed in real time. You can check it out at: svn checkout https://svn.ulteo.com/ovd/ Greets Ga?l. -- < Founder Ulteo - http://www.ulteo.com > < Founder Mandrake Linux - (Now "Mandriva") > < Blog: http://www.indidea.org/gael/blog/ > < Sign and encrypt emails with GPG! My key id: 0x8B0301E2 > From aegir at free.fr Mon Feb 23 18:56:22 2009 From: aegir at free.fr (herve lefebvre) Date: Mon, 23 Feb 2009 18:56:22 +0100 Subject: [Devel] Ulteo OVD source code SVN access In-Reply-To: <49A2B411.3080601@ulteo.com> References: <49A2B411.3080601@ulteo.com> Message-ID: <200902231856.22741.aegir@free.fr> Le Monday 23 February 2009 15:34:57 Ga?l Duval, vous avez ?crit?: > following recent user demand, we have opened a public SVN access for the > Ulteo Open Virtual Desktop development where all our code is committed > in real time. You can check it out at: > svn checkout https://svn.ulteo.com/ovd/ Congratulations !