Tutorial On Rump Kernel Servers and Clients


sehnsucht

Feb 7, 2022, 8:11:09 AM
I was curious to learn more about practical use cases for rump kernels
in everyday computing and found this amazing guide on the NetBSD docs,
which, as a matter of fact, I had somehow managed to miss until now.
The document provides a proof of concept for many interesting
implementations of rump kernels in user space for unprivileged users,
accounting for some of their top features which include portability (to
other OSs), modularity, reproducibility and standardization, isolation,
attack surface reduction and possibility to perform certain tasks
without root privileges in a secure manner.
I find particularly compelling the idea of restricting Firefox to its
own TCP stack.

https://www.netbsd.org/docs/rump/sptut.html


--
“Hell is empty and all the devils are here.„

rtr

Feb 12, 2022, 2:00:11 PM
This sounds very interesting. I have never tried NetBSD but reading that
makes me think of some creative applications to it. Now, I just need the
hardware to install it on.

--
Ang kalayaan ay dili gihatag, ini'y giabot.
--
{gemini,gopher}://kalayaan.xyz

sehnsucht

Feb 14, 2022, 4:14:24 PM
At midday on 120222 07:40,
rtr <r...@haraya.invalid> recounted these words:
> This sounds very interesting. I have never tried NetBSD but reading that
> makes me think of some creative applications to it. Now, I just need the
> hardware to install it on.
>
My thinkpad x250 works really well with it. But yes, NetBSD is picky,
even more than other BSDs...but at least less than Solaris.
I'm definitely going to attempt this rump kernel-based sandboxing and
write a post about it :)
Another loosely related netbsd-born thing you might like is sandboxctl
https://github.com/jmmv/sandboxctl

rtr

Feb 15, 2022, 9:21:56 AM
Oh please, I would like to read your post about it.

I think as long as I am running a Thinkpad I should be alright? But I've
been lurking in the mailing list for quite some time but there doesn't
seem to be as much activity there. I've been mulling over the thought of
either running it in a spare Thinkpad or just build a desktop for it.

What do you think?

sehnsucht

Feb 16, 2022, 9:49:05 AM
At midday on 150222 07:27,
rtr <r...@haraya.invalid> recounted these words:
> I think as long as I am running a Thinkpad I should be alright?
> I've been mulling over the thought of either running it in a spare
> Thinkpad or just build a desktop for it.

There's this myth about thinkpads being the only usable sort of laptops
which BSDers care about. Fact is that the variety of hardware components
has shrunk significantly over the years and that common configurations
(netbook, laptop, mobile workstation) tend to overlap across
manufacturers. While I really like thinkpads, I've run NetBSD on all
sorts of high end and consumer grade laptops, including those from
Toshiba, Fujitsu, and a Samsung one which used to be 100% supported
(bluetooth included) back in the day.

I got the impression OpenBSD folks are somehow picky about sticking to
thinkpads, since OpenBSD developers seemingly always opt for thinkpads
and that's what they mean by 'eating their own dogfood'. Reality is that
as long as you choose a laptop from a notoriously *nix-friendly company
(HP, Dell, Lenovo...in the past Toshiba), possibly a few years old (3-5),
chances are high for hardware support to be acceptably good.

That NetBSD's hardware support is years behind the others is another
widely spread misconception. True, the graphics stack was pretty old up
until recently (and still is on 9.x); newer models are unlikely to be
supported but through the generic 2d-accelerated framebuffer driver on
9.x. And even on current, there's still significant ongoing work
so it's not like the updated drivers are really 100% stable already.

As you might have seen in another thread here, currently the drm/kms
code in NetBSD (9.x) is still based on that of Linux 4.4, which means
no amdgpu, no support for intel chips beyond SkyLake and no support for
nvidia beyond 9xx (and even 9xx was not supported so well by that
version of nouveau at the time when it was ported). The good news is
that in -10 the updated drivers (from Linux 5.6) will most likely be
included.
drm is hard and given the limited manpower of NetBSD, it's mostly a
single developer to take care of it, which means updates for graphics
only happen once in a while in the NetBSD land, and you have to wait, or
run -current, or stick to older models.

Wifi support is really similar to that of OpenBSD (there's continuous
cross-pollination in this field between the 2 BSDs).

In addition, you get decent bluetooth support, nvidia support and good
power management (finely tunable via the powerd(8) scripts).
Some additional features which come in handy even on desktop are FFSv2
journaling, FFSv2 snapshots, as well as ZFS, LVM, CHFS, compat_linux,
wine, tmpfs, the dk(4) system, which is somewhat similar to FreeBSD's
GEOM, and very good virtualization.

See wiki.netbsd.org/laptops for laptops and search for a couple of really
useful threads on UnitedBSD discussing the topic.
As for a desktop, I'd buy a relatively old Dell/HP/Lenovo workstation.
Used ones are cheap (even the coolest ones with Xeon CPUs), and you'll
prevent useless waste.

As for other architectures (desktop-wise), aarch64 (Pinebook /
RockPro64), macppc, i386, sparc64 and alpha all have very good support.
NetBSD performance is ok-to-good, somewhere between FreeBSD and
OpenBSD, but definitely not comparable to Linux'. One field where NetBSD
really shines however is performance / lightweight ratio, whereby you
can't go wrong by putting it on an old x86 laptop (and even use it as a
daily driver) or an embedded board.

> But I've
> been lurking in the mailing list for quite some time but there doesn't
> seem to be as much activity there.

Well, the community is not as large as that of other BSDs, and users are less
inclined to 'be social' and spend their spare time in OS advocacy. netbsd-users,
current-users and tech-kern are fairly active mailing lists. The #netbsd
irc channel on Libera Chat and the UnitedBSD forum are also very active.
There's also an official telegram group, which sees some interesting
debates from time to time, as well as a dedicated subreddit.

Cheers!

rtr

Feb 17, 2022, 2:00:06 AM
sehnsucht <sehn...@SDF.ORG> writes:

> At midday on 150222 07:27,
> rtr <r...@haraya.invalid> recounted these words:
>> I think as long as I am running a Thinkpad I should be alright?
>> I've been mulling over the thought of either running it in a spare
>> Thinkpad or just build a desktop for it.
>
> There's this myth about thinkpads being the only usable sort of laptops
> which BSDers care about. Fact is that the variety of hardware components
> has shrunk significantly over the years and that common configurations
> (netbook, laptop, mobile workstation) tend to overlap across
> manufacturers. While I really like thinkpads, I've run NetBSD on all
> sorts of high end and consumer grade laptops, including those from
> Toshiba, Fujitsu, and a Samsung one which used to be 100% supported
> (bluetooth included) back in the day.
>
> I got the impression OpenBSD folks are somehow picky about sticking to
> thinkpads, since OpenBSD developers seemingly always opt for thinkpads
> and that's what they mean by 'eating their own dogfood'. Reality is that
> as long as you choose a laptop from a notoriously *nix-friendly company
> (HP, Dell, Lenovo...in the past Toshiba), possibly a few years old (3-5),
> chances are high for hardware support to be acceptably good.
>

Yeah, I think I am a bit spoiled with OpenBSD since I'm running a
thinkpad. The only issue I had with it is there's no bluetooth support. But I
don't really use any bluetooth stuff aside from a keyboard so there's
that.
This is interesting. I've been mulling over with NetBSD since I wanted
to see whether it is worth running over FreeBSD. It looks like most of
the stuff that I care about are supported in NetBSD.

> See wiki.netbsd.org/laptops for laptops and search for a couple of really
> useful threads on UnitedBSD discussing the topic.
> As for a desktop, I'd buy a relatively old Dell/HP/Lenovo workstation.
> Used ones are cheap (even the coolest ones with Xeon CPUs), and you'll
> prevent useless waste.
>
> As for other architectures (desktop-wise), aarch64 (Pinebook /
> RockPro64), macppc, i386, sparc64 and alpha all have very good support.
> NetBSD performance is ok-to-good, somewhere between FreeBSD and
> OpenBSD, but definitely not comparable to Linux'. One field where NetBSD
> really shines however is performance / lightweight ratio, whereby you
> can't go wrong by putting it on an old x86 laptop (and even use it as a
> daily driver) or an embedded board.
>

I see. I've picked up a bunch of defective X200 and I managed to build a
couple up from the parts. I will probably try NetBSD on one of those.

>> But I've
>> been lurking in the mailing list for quite some time but there doesn't
>> seem to be as much activity there.
>
> Well, the community is not as large as that of other BSDs, and users are less
> inclined to 'be social' and spend their spare time in OS advocacy. netbsd-users,
> current-users and tech-kern are fairly active mailing lists. The #netbsd
> irc channel on Libera Chat and the UnitedBSD forum are also very active.
> There's also an official telegram group, which sees some interesting
> debates from time to time, as well as a dedicated subreddit.
>
> Cheers!

I'm currently subscribed to netbsd-users atm. I'm considering
subscribing to current-users too.

Thanks for the brief primer, cheers!