Re: [qubes-users] Running rkt containers directly on zen?
Yes, thanks, I have installed Mirage Firewall. Some more info that might interest people here. I got some answers from a developer of stage1-xen rkt: https://github.com/rkt/stage1-xen/issues/1#issuecomment-356764768 Also in December Xen launched a new initiative for unikernals, called unikraft. This is an initiative to make a standard for unikernels that makes development and deployment of them easier: https://www.xenproject.org/developers/teams/unikraft.html Im looking forward to a time where most things in Qubes will be running in unikernels rather than in full Linux. Imagine having a unikernel that does all sanitation and validation of data that gets sent cross domain, well documented, tested written in Rust for performance and safety, with a whitelist approach, rather than all of those python, bash and C scripts doing their own sanitation and validation. It would be much more sane in terms of security, much easier to audit, ... What about wayland in a unikernel, the graphics drivers, ...? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a739e97-ef08-55aa-a70c-ff018d74ff58%40autistici.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Running rkt containers directly on zen?
On Mon, Jan 01, 2018 at 01:40:00PM +, Naja Melan wrote: > Hi, > > While searching on the internet I stumbled onto this: > > https://github.com/rkt/stage1-xen > > Would this work on qubes? Anyone already doing it? > > Also found some stuff about rumprun unikernels allowing directly running any > posix app on xen. It seems awfully quiet about such initiatives, which > puzzles me because surely being able to run applications in total isolation > without the overhead (memory, disk, cpu) of a full linux install is very > interesting for something like qubes right? > > What is the current state of affairs? > > Naja Melan > There's actually been some discussion on unikernels for at least the last 2 years, both in qubes-users and qubes-devel. Thomas Leonard has implemented a minimal sys-firewall as a MirageOS-based unikernel: - http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/ - https://github.com/talex5/qubes-mirage-firewall and recently, (19/12/2017) announced v 0.4 on this list -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180103013411.xrqa3f5dkdjyusag%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Running rkt containers directly on zen?
Hi, While searching on the internet I stumbled onto this: https://github.com/rkt/stage1-xen Would this work on qubes? Anyone already doing it? Also found some stuff about rumprun unikernels allowing directly running any posix app on xen. It seems awfully quiet about such initiatives, which puzzles me because surely being able to run applications in total isolation without the overhead (memory, disk, cpu) of a full linux install is very interesting for something like qubes right? What is the current state of affairs? Naja Melan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4df77270-1ac2-2d7d-63d1-9fc8eb372cbb%40autistici.org. For more options, visit https://groups.google.com/d/optout.