Running rkt containers directly on zen?
50 views
Skip to first unread message
Naja Melan
Jan 1, 2018, 12:35:32 PM1/1/18
to qubes...@googlegroups.com
Hi,
While searching on the internet I stumbled onto this:
https://github.com/rkt/stage1-xen
Would this work on qubes? Anyone already doing it?
Also found some stuff about rumprun unikernels allowing directly running any posix app on xen. It seems awfully quiet about such initiatives, which puzzles me because surely being able to run applications in total isolation without the overhead (memory, disk, cpu) of a full linux install is very interesting for something like qubes right?
What is the current state of affairs?
Naja Melan
While searching on the internet I stumbled onto this:
https://github.com/rkt/stage1-xen
Would this work on qubes? Anyone already doing it?
Also found some stuff about rumprun unikernels allowing directly running any posix app on xen. It seems awfully quiet about such initiatives, which puzzles me because surely being able to run applications in total isolation without the overhead (memory, disk, cpu) of a full linux install is very interesting for something like qubes right?
What is the current state of affairs?
Naja Melan
Unman
Jan 2, 2018, 8:34:12 PM1/2/18
to Naja Melan, qubes...@googlegroups.com
last 2 years, both in qubes-users and qubes-devel.
Thomas Leonard has implemented a minimal sys-firewall as a MirageOS-based unikernel:
- http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
- https://github.com/talex5/qubes-mirage-firewall
and recently, (19/12/2017) announced v 0.4 on this list
Naja Melan
Jan 10, 2018, 8:21:48 PM1/10/18
to qubes...@googlegroups.com
Yes,
thanks, I have installed Mirage Firewall.
Some more info that might interest people here. I got some answers from a developer of stage1-xen rkt:
https://github.com/rkt/stage1-xen/issues/1#issuecomment-356764768
Also in December Xen launched a new initiative for unikernals, called unikraft. This is an initiative to make a standard for unikernels that makes development and deployment of them easier:
https://www.xenproject.org/developers/teams/unikraft.html
Im looking forward to a time where most things in Qubes will be running in unikernels rather than in full Linux.
Imagine having a unikernel that does all sanitation and validation of data that gets sent cross domain, well documented, tested written in Rust for performance and safety, with a whitelist approach, rather than all of those python, bash and C scripts doing their own sanitation and validation.
It would be much more sane in terms of security, much easier to audit, ...
What about wayland in a unikernel, the graphics drivers, ...?
thanks, I have installed Mirage Firewall.
Some more info that might interest people here. I got some answers from a developer of stage1-xen rkt:
https://github.com/rkt/stage1-xen/issues/1#issuecomment-356764768
Also in December Xen launched a new initiative for unikernals, called unikraft. This is an initiative to make a standard for unikernels that makes development and deployment of them easier:
https://www.xenproject.org/developers/teams/unikraft.html
Im looking forward to a time where most things in Qubes will be running in unikernels rather than in full Linux.
Imagine having a unikernel that does all sanitation and validation of data that gets sent cross domain, well documented, tested written in Rust for performance and safety, with a whitelist approach, rather than all of those python, bash and C scripts doing their own sanitation and validation.
It would be much more sane in terms of security, much easier to audit, ...
What about wayland in a unikernel, the graphics drivers, ...?
Reply all
Reply to author
Forward
0 new messages