Re: Mirage Hello World (Re: Building mirage-www)

[Anil Madhavapeddy <anil@xxxxxxxxxx>]

On 11 Sep 2013, at 09:38, Richard Mortier <Richard.Mortier@xxxxxxxxxxxxxxxx> 
wrote:

>> 
>> I'm fixing this slightly differently in my Mirari rewrite -- the generated 
>> binary now links to a UNIX library that implements the logic for it to 
>> self-fork and acquire its privileges.  This should reduce the coupling on 
>> Mirari for anything beyond build, and leave deployment other scripts.
> 
> don't follow - this means "mirari run" will no longer exist, will no longer 
> exist for xen, or that the mirari output will effectively encapsulate 
> whatever "mirari run" would've done? (or something else?)

It just means that you can run the UNIX binary directly, without absolutely 
having to go through `mirari run` (which currently fd passes tuntap descriptors 
to the child).  I'm still figuring out exactly how this looks, but I'm aiming 
to make the UNIX process "lifecycle" as similar to Xen as possible -- that is, 
you can start/stop/suspend/resume a UNIX process, with the appropriate 
callbacks in the main code.

This would let us, for example, do a 'mirari list' and see all running Mirage 
UNIX processes, assuming that we have a central scoreboard on each machine for 
the processes to live.  It also makes privilege separation (via Capsicum for 
example) much easier to integrate.

-anil