Re: [qubes-users] Running rkt containers directly on zen?
Yes, thanks, I have installed Mirage Firewall.

Some more info that might interest people here. I got some answers from a developer of stage1-xen rkt:
https://github.com/rkt/stage1-xen/issues/1#issuecomment-356764768

Also in December Xen launched a new initiative for unikernels, called unikraft. This is an initiative to make a standard for unikernels that makes development and deployment of them easier:
https://www.xenproject.org/developers/teams/unikraft.html

I'm looking forward to a time where most things in Qubes will be running in unikernels rather than in full Linux. Imagine having a unikernel that does all sanitation and validation of data that gets sent cross domain, well documented, tested, written in Rust for performance and safety, with a whitelist approach, rather than all of those python, bash and C scripts doing their own sanitation and validation. It would be much more sane in terms of security, much easier to audit, ...

What about wayland in a unikernel, the graphics drivers, ...?
Re: [qubes-users] Running rkt containers directly on zen?
On Mon, Jan 01, 2018 at 01:40:00PM +, Naja Melan wrote:
> Hi,
>
> While searching on the internet I stumbled onto this:
>
> https://github.com/rkt/stage1-xen
>
> Would this work on qubes? Anyone already doing it?
>
> Also found some stuff about rumprun unikernels allowing directly running any
> posix app on xen. It seems awfully quiet about such initiatives, which
> puzzles me because surely being able to run applications in total isolation
> without the overhead (memory, disk, cpu) of a full linux install is very
> interesting for something like qubes right?
>
> What is the current state of affairs?
>
> Naja Melan
>

There's actually been some discussion on unikernels for at least the last 2 years, both in qubes-users and qubes-devel.

Thomas Leonard has implemented a minimal sys-firewall as a MirageOS-based unikernel:
- http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/
- https://github.com/talex5/qubes-mirage-firewall

and recently, (19/12/2017) announced v 0.4 on this list