More small questions

2015-09-05 Thread Jookia
Hey again,

Sorry for the single word titles. I don't have Genode installed at the moment,
but I'm curious about some minor things happening in the Genode space.

From what I've seen it doesn't really have a proper command line shell that can
administer the system interactively. Is this the case? How would one handle
doing tasks like managing daemons, file systems, launching applications in a
system tree? For instance in the future, if I wanted to use a web browser over
Tor I'd somehow have to launch a Tor network service and then have a web browser
use that network service. How would I accomplish that?

In future I'd imagine having a system configuration file specifying a tree like
this for my machine showing services, applications, file systems that are
available to services, GUI launchers, etc to build up a compartmentalized
system.

How hard would it be to get Fiasco.OC to run a rich GNU/Linux system through
TrustZone? I've heard it's possible, but I'm not sure how it'd work in Genode.
I'd really like to have something like to run slow virtual L4Linux systems for
'secure' applications and an untrusted rich system elsewhere. Though perhaps
this is a bad idea, and if it's not doable base-hw will have to do.

Cheers,
Jookia.

--
___
genode-main mailing list
genode-main@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/genode-main


Re: Genode/NOVA+Multiple VMMs Seoul / VBox

2015-09-05 Thread Alexander Boettcher
Hello,

On 04.09.2015 15:51, Roger Ferreira wrote:
> I am not able to capture any log.

I fear without any log it will become hard to impossible to get it running.

> I am using a normal x86 desktop computer.

You should, for example, obtain a PCI serial card and attach it - if
your machine hasn't already a serial connector on-board or something
like Intel AMT SOL (SerialOverLAN).

> Regarding the seoul multiboot scheme, I saw it does not allow an ISO, correct?

Yes.

> It seems to expect a bootloader (munich), then the bzImage, and some additional 
> g
> Actually I have prepared a custom remasterized version of TinyCore with some 
> specific libs / apps.
> It works alone.
> But when I tried to port to seoul, still using munich, I don't have a 
> bzImage.
> I have a vmlinuz, core.gz and my own stuff as TCZ extensions.
> The vmlinuz I customize some files.

For Seoul you have two ways to boot things - either boot a multiboot
compliant kernel, which Linux is not, or boot a VM from a raw disk image.

Munich (as a multiboot kernel) is a small helper to bootstrap a Linux
kernel. Munich expects as first multiboot image the Linux kernel and the
second multiboot image has to be the initial ram disk. (see
http://os.inf.tu-dresden.de/~kauer/oslo/README for pointers to munich)

For the Seoul/Tinycore demo we had to manually squash the core.gz and
all the Firefox browser related files into an initial ram disk
(tc-browser.gz). I fear we didn't document it well. As far as I
remember it was no fun. Could be - because we don't create for Seoul VMs
regularly. So, we have no ready to use work-flow we could share. Setting
up a VM with Virtualbox is - in that regard - much more user-friendly.

The other option of course is to install your intended VM setup on a
disk - or in a VM on a virtual disk, e.g. use Virtualbox on your
Linux/Windows. Finally use the raw disk image for Seoul - there are ways
to convert a vdi/vmdk image into a raw disk image. A hybrid iso/usb
bootable image should also work in principle as raw disk image - however
never tried.

Just a note - you may need several iterations of Linux kernel
configuration tweaking and rebuilds until you may get it running in
Seoul. Seoul was/is more or less a research VMM and does not support
everything out-of-a-box what a standard Linux distribution kernel
enables/expects from the hardware.

Regards,

Alex.



Xpra port?

2015-09-05 Thread Jookia
Hey there,

After disappearing and thinking for a while about how to have some kind of
support for GNU/Linux sandboxes with seamless integration to the window manager,
I've thought a lot about how the Qubes approach does it using shared memory and
Xorg messages but this doesn't work over the network, so I'm starting to wonder
if it'd be better to just use something like Xpra. I'm not sure how big the TCB
of it is versus just passing X messages, but it shouldn't really be that bad if
you only give it access to files shared with the sandboxed system, meaning it'd
be counterproductive to break into Xpra.

Xpra also plans a Wayland port which might map well. Thoughts?

Jookia.
