GSoC proposal: Hypervisor choice on the upcoming Qubes R4.0 release

Honest Achmed

Apr 1, 2017, 5:34:10 AM
to qubes...@googlegroups.com
# Introduction

Beginning with Qubes R3.0, the Odyssey framework and a Hypervisor Abstraction
Layer [1] were introduced. They make it easy to use new and innovative isolation
providers. As the project is moving closer to the R4.0 release, I propose to choose
systemd [2] as the sole isolation provider in the next Qubes OS release.

# Advantages

Systemd is a modern, vertically integrated hypervisor, with more features and
better hardware compatibility. It has many security features [3]. Systemd also
has a very robust vulnerability track record. This is a result of a conscious
development strategy to keep systemd minimal and avoid mission creep. As the
principal systemd maintainer commented:

> We do not put libc and the kernel in the same repository, just the basic
> things. [4]

# Work plan

There are many systemd features, which can be used right away:

- PrivateTmp=, which, according to the cited work, allows for controlling IPC
access between different services. I plan to use it as a platform for new
Qrexec.
- PrivateDevices=, and DeviceAllow= will be used instead of UsbVM.
- PrivateNetwork= will be used instead of the current networking setup.
- Last but not least, state-of-the-art chroot(2) support through RootDirectory=
will allow for fine grained resource control of all processes in all AppVMs.

There are other advantages, which will result in actually _less_ future work,
which do need to be acted upon. For instance, the team will be able to skip
StorageVM development thanks to such configuration options like ProtectHome=,
ProtectSystem= and InaccessibleDirectories=. Also, during FOSDEM I heard
unconfirmed rumors that there is pending effort to merge some equivalents of
GUI-domain [5] into systemd.

There are many other possible endeavours, which I am happy to discuss further.
However the above seem to be just the right amount of work for one student.

# Future directions

As part of R4.0 release cycle the project should adopt systemd's update
strategy. For the first step the Xen hypervisor shall no longer be supported,
effective immediately, and users should migrate to the shiny thing, now. In
documentation I will also not hesitate to use epithets like "legacy",
"deprecated" and "obsolete".

I look forward to having Qubes OS merged into systemd OS.

[1] https://theinvisiblethings.blogspot.nl/2013/03/introducing-qubes-odyssey-framework.html
[2] https://www.freedesktop.org/wiki/Software/systemd/
[3] http://0pointer.net/public/systemd-nluug-2014.pdf
[4] https://www.linuxvoice.com/interview-lennart-poettering/
[5] https://wayland.freedesktop.org/

--
Honest Achmed
100% Honest

Tai...@gmx.com

Apr 1, 2017, 5:48:22 AM
to Honest Achmed, qubes...@googlegroups.com
Haha you got me for a second.

Does anyone else think it is a little strange that all the major distros
suddenly adopted SystemD a few years back?