|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [MirageOS-devel] vchan/xenstore in Qubes r3
On 21 June 2014 15:53, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote: > On 21 Jun 2014, at 10:02, Thomas Leonard <talex5@xxxxxxxxx> wrote: > >> On 21 June 2014 08:58, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote: >>> A very interesting article from Joanna on the new r3 alpha of QubesOS. >>> >>> http://theinvisiblethings.blogspot.in/2013/06/qubes-os-r3-alpha-preview-odyssey-hal.html >>> >>> - Qubes uses upstream Xen vchan now, which means that we "should" >>> interoperate with the ocaml-vchan library. >>> >>> - They've replaced Xenstore with a simpler transport that removes >>> permissions and uses vchan under the hood. This is also something that >>> should be easier to do with Dave's oxenstore+irmin, since many of the >>> components such as xenstore_transport are functorized, and of Irmin can >>> serialize to several formats including Git, for reconciliation with >>> external databases. >>> >>> - Qubes looks like an excellent candidate for a 'unikernel' desktop OS! >>> I'm going to try it when I hunt down a PC laptop, but if anyone else gets a >>> chance I'd be interested in hearing about it. >> >> I haven't tried the new alpha, but I tried the previous version of >> Qubes on my new laptop when it first arrived (actually, being able to >> try Qubes was one of the reasons I wanted a laptop with Intel >> graphics). > > Woops, this was indeed a year-old blog post as Dave points out. It's > still being very actively developed though: > > http://www.qubes-os.org/trac/timeline > >> >> One interesting thing for Mirage: they have a separate domain (NetVM) >> for network drivers, and another for the firewall (FirewallVM): >> >> http://wiki.qubes-os.org/trac/wiki/QubesFirewall >> >> FirewallVM is a complete Linux system and requires several hundred MB, >> as shown in this screenshot: >> >> http://wiki.qubes-os.org/trac/attachment/wiki/QubesScreenshots/r2b2-software-update.png > > That is an interesting application indeed! The other thing that would > be useful is a key management VM (which could expose an ssh-agent-like > socket proxy via vchan into another domain, to protect against kernel > exploits revealing). > >> >> In the end, I only tried it for a few hours before wiping it and >> installing Arch instead. Some other problems were that there is no >> tiling window manager available, and you can't run VirtualBox on Xen. >> Qubes doesn't offer graphics acceleration for guests (due to the focus >> on security), which would probably mess up gotomeeting. > > Out of curiosity, are you running Xen on your laptop at the moment > (and if so, which distribution do you use?). I haven't set it up for > a while, but everyone I talk to seems to have issues with power > management, although pv_ops does allegedly support passing this through > from dom0->Xen without issue. On the laptop I don't run Xen directly. For testing, I run it under Virtual Box (Mirage works fine that way, but I can't run HVM guests). I still have power issues though! If I suspend the host, then the Xen VM dies for some reason and needs to be rebooted. I am tempted to run Xen directly on the laptop, but I suspect it wouldn't be as slick for graphical guests (pointer and clipboard integration, graphics acceleration, etc). I tried running Windows under KVM with virt-manager and it wasn't very usable. I imagine Xen would be the same. -- Dr Thomas Leonard http://0install.net/ GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1 GPG: DA98 25AE CAD0 8975 7CDA BD8E 0713 3F96 CA74 D8BA _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |
