I’ve seen a few posts about security extensions for NetBSD over the past several months and most of them build on top of the kauth(9) and secmodel(9) frameworks. I was one of the people who worked on these about twenty years ago (!) and I just wanted to say it’s heartwarming to see people still find our work useful and valuable today. Thank you. :)
I followed your and @blymn's work then, and filed a bug report against veriexec. blymn gently improved the characterization of the problem and fixed it. That led me to start studying lex/yacc, instead of just treating them like magic.
And before anybody speculates too much about Matthias use of "jail-like":
I think this can make a lot of sense, because there are many situations, in particular in embedded systems, where you can and should confine at a much smaller scale than jails are really convenient for.
It will also be interesting to see if "Cells" can make inroads in the territory the original ACL abandoned, because writing the rules was so complex that it amount to parallel meta-anti-software development.
Excuse my ignorance, but does this functionally mean we can treat this as a 'microkernel' a la minix? I always liked the 'tiny protected subsystem' in Ring 0, then a Ring 1 for Drivers (which are restartable, and dynamically loadable), then one or two rings for User processes (maybe Ring 2 for 'ls' etc and Ring 3 for typical user processes).
I am also curious: What hardware enhancements would benefit 'lightweight, kernel-enforced isolation' ? Do we need memory tags? HW Capability Lists? ?
( I believe we've concentrated far too much in making "damn fast pdp-11s" with our hardware advances, and far less on building Reliable Systems -- even if a few percent of peak possible performance is consumed by extra HW. )
This describes it as more lightweight than other options, but the "Declarative Apply Plan" feature actually seems more feature rich than FreeBSD jails. Very cool feature; actually something I would like on the host.
I think the write up and rationale and FAQ are near perfect. It's a KISS pure NetBSD model, it's deliberately reductionist and it discusses reasoning and why it differs or is an analogue of other systems.
I probably won't be using it because my core investment on FreeBSD does what I need but I think it's interesting.
Cell as in jail cell, huh
I’ve seen a few posts about security extensions for NetBSD over the past several months and most of them build on top of the kauth(9) and secmodel(9) frameworks. I was one of the people who worked on these about twenty years ago (!) and I just wanted to say it’s heartwarming to see people still find our work useful and valuable today. Thank you. :)
I followed your and @blymn's work then, and filed a bug report against veriexec. blymn gently improved the characterization of the problem and fixed it. That led me to start studying lex/yacc, instead of just treating them like magic.
Thanks for your work.
And before anybody speculates too much about Matthias use of "jail-like":
I think this can make a lot of sense, because there are many situations, in particular in embedded systems, where you can and should confine at a much smaller scale than jails are really convenient for.
It will also be interesting to see if "Cells" can make inroads in the territory the original ACL abandoned, because writing the rules was so complex that it amount to parallel meta-anti-software development.
Hat tip to Matthias from here.
Cells for NetBSD is an early-stage but steadily maturing system for lightweight, kernel-enforced isolation on NetBSD.
It closes the operational gap between simple chroot environments and full virtualization platforms such as Xen.
Excuse my ignorance, but does this functionally mean we can treat this as a 'microkernel' a la minix? I always liked the 'tiny protected subsystem' in Ring 0, then a Ring 1 for Drivers (which are restartable, and dynamically loadable), then one or two rings for User processes (maybe Ring 2 for 'ls' etc and Ring 3 for typical user processes).
I am also curious: What hardware enhancements would benefit 'lightweight, kernel-enforced isolation' ? Do we need memory tags? HW Capability Lists? ?
( I believe we've concentrated far too much in making "damn fast pdp-11s" with our hardware advances, and far less on building Reliable Systems -- even if a few percent of peak possible performance is consumed by extra HW. )
This describes it as more lightweight than other options, but the "Declarative Apply Plan" feature actually seems more feature rich than FreeBSD jails. Very cool feature; actually something I would like on the host.
I'm far from familiar with Linux, is this very different from cgroups?
It's kind of in the middle? It's doing more than just cgroups, but less than eg. docker.
I think the write up and rationale and FAQ are near perfect. It's a KISS pure NetBSD model, it's deliberately reductionist and it discusses reasoning and why it differs or is an analogue of other systems.
I probably won't be using it because my core investment on FreeBSD does what I need but I think it's interesting.