
Re: [MirageOS-devel] vchan/xenstore in Qubes r3



On 21 Jun 2014, at 10:02, Thomas Leonard <talex5@xxxxxxxxx> wrote:

> On 21 June 2014 08:58, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
>> A very interesting article from Joanna on the new r3 alpha of QubesOS.
>> 
>> http://theinvisiblethings.blogspot.in/2013/06/qubes-os-r3-alpha-preview-odyssey-hal.html
>> 
>> - Qubes uses upstream Xen vchan now, which means that we "should" 
>> interoperate with the ocaml-vchan library.
>> 
>> - They've replaced Xenstore with a simpler transport that removes 
>> permissions and uses vchan under the hood.  This is also something that 
>> should be easier to do with Dave's oxenstore+irmin, since many of the 
>> components such as xenstore_transport are functorized, and Irmin can 
>> serialize to several formats including Git, for reconciliation with external 
>> databases.
>> 
>> - Qubes looks like an excellent candidate for a 'unikernel' desktop OS!  I'm 
>> going to try it when I hunt down a PC laptop, but if anyone else gets a 
>> chance I'd be interested in hearing about it.
> 
> I haven't tried the new alpha, but I tried the previous version of
> Qubes on my new laptop when it first arrived (actually, being able to
> try Qubes was one of the reasons I wanted a laptop with Intel
> graphics).

Whoops, this was indeed a year-old blog post as Dave points out.  It's
still being very actively developed though: 

http://www.qubes-os.org/trac/timeline

> 
> One interesting thing for Mirage: they have a separate domain (NetVM)
> for network drivers, and another for the firewall (FirewallVM):
> 
> http://wiki.qubes-os.org/trac/wiki/QubesFirewall
> 
> FirewallVM is a complete Linux system and requires several hundred MB,
> as shown in this screenshot:
> 
> http://wiki.qubes-os.org/trac/attachment/wiki/QubesScreenshots/r2b2-software-update.png

That is an interesting application indeed!  The other thing that would
be useful is a key management VM (which could expose an ssh-agent-like
socket proxy via vchan into another domain, to protect against kernel
exploits revealing).

> 
> In the end, I only tried it for a few hours before wiping it and
> installing Arch instead. Some other problems were that there is no
> tiling window manager available, and you can't run VirtualBox on Xen.
> Qubes doesn't offer graphics acceleration for guests (due to the focus
> on security), which would probably mess up gotomeeting.

Out of curiosity, are you running Xen on your laptop at the moment
(and if so, which distribution do you use?).  I haven't set it up for
a while, but everyone I talk to seems to have issues with power
management, although pv_ops does allegedly support passing this through
from dom0->Xen without issue.

-anil
_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel


 

