Thanks for the information, Jan and Dominig. The Vasum video demonstration is very, very cool. Yes, I can imagine that "graphical" containers are a significantly more complicated proposition than headless server containers.
Am I right in thinking that all Vasum and Cynara work is Tizen 3.x only? The model looks quite different for Tizen 2.x - https://wiki.tizen.org/wiki/Security/Tizen_2.X_Architecture - though Smack is still there. >> So as long as you are OK with that I guess you can use them without a problem. >> All needed kernel features are switched on. I think I would like to start my exploration with this simple scenario. But will the appropriate kernel features be enabled in Tizen 2.x, I wonder? Specifically, I have a Gear S2 (2.3.1) and Samsung Z3 (2.4.0) as my test subjects. Will anything be possible in terms of LXC experiments on those devices, I wonder? I'm guessing that I will need to cross-compiler LXC binaries myself for Tizen? https://linuxcontainers.org/lxc/downloads/ BTW - What happened to your builds in October? Not so many test runs happening, eh? :-( https://wiki.tizen.org/wiki/Weekly_test_results_for_Tizen_3.X_security_framework On Mon, Oct 26, 2015 at 5:26 AM, Jan Olszak <[email protected]> wrote: > Hi there! > Indeed we're developing Vasum to provide "graphical" Linux containers for > Tizen (or any other Linux distribution). > It has a rich C/Dbus API and uses LXC under the hood. > > The problem with Docker, LXD, libvirt is that they concentrate on the > server use case. So as long as you are OK with that I guess you can use > them without a problem. All needed kernel features are switched on. > > On Tizen we have "apps" that have "permissions" enforced by Cynara. This > complicates the installation process. > - Security Manager had to integrate with Vasum (master-slave mode) to > enable app installation inside containers. > - "Smack namespaces" are pending integration to the kernel. Every > container will have a separate label mapping. > > > Currently we're working on: > - replacing LXC with our lxcpp library > - integrating with Wayland > - conforming to the Open Container Initiative > > > Some links: > - Wiki: https://wiki.tizen.org/wiki/Security:Vasum > - Github: https://github.com/Samsung/vasum > - Documentation: http://samsung.github.io/vasum/ > - Demo for Fedora: https://www.youtube.com/watch?v=hsNvI9kHTvI > > > Cheers, > Jan Olszak > > > > On 10/26/2015 12:11 PM, Dominig ar Foll (Intel OTC) wrote: > >> Bob, >> >> initial investigation on use of Name spaces has been done by Samsung. >> It is based on lxc. >> Get a look at >> https://wiki.tizen.org/wiki/Security:Vasum:Usage >> >> Dominig ar Foll >> Senior Software Architect >> Open Source Technology Centre >> Intel SSG >> >> Le 26/10/2015 04:08, Bob Summerwill a écrit : >> >>> >>> What support (if any) is missing for Tizen 2.4 and Tizen 3.0 to be able >>> to support LXC or even Docker? >>> >>> I know that there have been efforts in this direction in the past. >>> Just wondering about the current status and any plans/roadmap to support >>> Linux containers? >>> >>> Cheers, >>> Bob Summerwill >>> >>> -- >>> http://www.tizenexperts.com/author/bob-summerwill/ >>> >>> [email protected] <mailto:[email protected]> >>> >>> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> https://lists.tizen.org/listinfo/dev >>> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> https://lists.tizen.org/listinfo/dev >> >> > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev > -- [email protected]
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
