sync them with network devices. so far, the policy contains "block device capacity" and "bridge names" that are allowed for the arc.
now, a unikernel_create gets a list of :, i.e. "--bridge external:public" or "--bridge internal:management" (or "--bridge public") -- meaning in order: acquire a tap device on bridge "public", and pass "--net:external=" to the tender; acquire a tap device on bridge "management" and pass "--net:internal=" to the tender; acquire a tap device on bridge "public" and pass "--net:public=" to the tender.
the block devices are all kept in "dbdir/block/", so block_add & remove take the arc (from ca chain / header) and create the specified device. this directory is read at startup. now, if a unikernel image 'test' requires "block device 'foo'" (in the com.example domain): dbdir/block/com.example.foo is used -- and passed to the tender -- there's no way to use block device "dbdir/block/com.example.bar" instead. and this is what should be cleaned up (similar to how bridges are passed by having a pair with a string option: "--block foo:bar" should be possible)
sync them with network devices. so far, the policy contains "block device capacity" and "bridge names" that are allowed for the arc.
now, a unikernel_create gets a list of:, i.e. "--bridge external:public" or "--bridge internal:management" (or "--bridge public") -- meaning in order: acquire a tap device on bridge "public", and pass "--net:external=" to the tender; acquire a tap device on bridge "management" and pass "--net:internal=" to the tender; acquire a tap device on bridge "public" and pass "--net:public=" to the tender.
the block devices are all kept in "dbdir/block/", so block_add & remove take the arc (from ca chain / header) and create the specified device. this directory is read at startup. now, if a unikernel image 'test' requires "block device 'foo'" (in the com.example domain): dbdir/block/com.example.foo is used -- and passed to the tender -- there's no way to use block device "dbdir/block/com.example.bar" instead. and this is what should be cleaned up (similar to how bridges are passed by having a pair with a string option: "--block foo:bar" should be possible)