
Re: [MirageOS-devel] vchan/xenstore in Qubes r3



On 22 Jun 2014, at 11:44, Thomas Leonard <talex5@xxxxxxxxx> wrote:

> On 21 June 2014 15:53, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
>> On 21 Jun 2014, at 10:02, Thomas Leonard <talex5@xxxxxxxxx> wrote:
>> 
>>> On 21 June 2014 08:58, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
>>>> A very interesting article from Joanna on the new r3 alpha of QubesOS.
>>>> 
>>>> http://theinvisiblethings.blogspot.in/2013/06/qubes-os-r3-alpha-preview-odyssey-hal.html
>>>> 
>>>> - Qubes uses upstream Xen vchan now, which means that we "should" 
>>>> interoperate with the ocaml-vchan library.
>>>> 
>>>> - They've replaced Xenstore with a simpler transport that removes 
>>>> permissions and uses vchan under the hood.  This is also something that 
>>>> should be easier to do with Dave's oxenstore+irmin, since many of the 
>>>> components such as xenstore_transport are functorized, and Irmin can 
>>>> serialize to several formats including Git, for reconciliation with 
>>>> external databases.
>>>> 
>>>> - Qubes looks like an excellent candidate for a 'unikernel' desktop OS!  
>>>> I'm going to try it when I hunt down a PC laptop, but if anyone else gets 
>>>> a chance I'd be interested in hearing about it.
>>> 
>>> I haven't tried the new alpha, but I tried the previous version of
>>> Qubes on my new laptop when it first arrived (actually, being able to
>>> try Qubes was one of the reasons I wanted a laptop with Intel
>>> graphics).
>> 
>> Whoops, this was indeed a year-old blog post as Dave points out.  It's
>> still being very actively developed though:
>> 
>> http://www.qubes-os.org/trac/timeline
>> 
>>> 
>>> One interesting thing for Mirage: they have a separate domain (NetVM)
>>> for network drivers, and another for the firewall (FirewallVM):
>>> 
>>> http://wiki.qubes-os.org/trac/wiki/QubesFirewall
>>> 
>>> FirewallVM is a complete Linux system and requires several hundred MB,
>>> as shown in this screenshot:
>>> 
>>> http://wiki.qubes-os.org/trac/attachment/wiki/QubesScreenshots/r2b2-software-update.png
>> 
>> That is an interesting application indeed!  The other thing that would
>> be useful is a key management VM (which could expose an ssh-agent-like
>> socket proxy via vchan into another domain, to protect against kernel
>> exploits revealing).
>> 
>>> 
>>> In the end, I only tried it for a few hours before wiping it and
>>> installing Arch instead. Some other problems were that there is no
>>> tiling window manager available, and you can't run VirtualBox on Xen.
>>> Qubes doesn't offer graphics acceleration for guests (due to the focus
>>> on security), which would probably mess up gotomeeting.
>> 
>> Out of curiosity, are you running Xen on your laptop at the moment
>> (and if so, which distribution do you use?).  I haven't set it up for
>> a while, but everyone I talk to seems to have issues with power
>> management, although pv_ops does allegedly support passing this through
>> from dom0->Xen without issue.
> 
> On the laptop I don't run Xen directly. For testing, I run it under
> VirtualBox (Mirage works fine that way, but I can't run HVM guests).
> 
> I still have power issues though! If I suspend the host, then the Xen
> VM dies for some reason and needs to be rebooted.
> 
> I am tempted to run Xen directly on the laptop, but I suspect it
> wouldn't be as slick for graphical guests (pointer and clipboard
> integration, graphics acceleration, etc). I tried running Windows
> under KVM with virt-manager and it wasn't very usable. I imagine Xen
> would be the same.

For Linux guests I’ve heard good things about SPICE with KVM, including support 
for resolution changing and multiple monitors. The SPICE code is mainly in 
Linux and in qemu, so Xen systems should be able to use it too (although I hear 
this might need some fixes only present in Xen 4.5).

For Windows guests I use RDP quite a lot, although I bet it’s not smoothly 
integrated into virt-manager.

I’ve not tried it, but you could try Windows SPICE drivers:

http://www.spice-space.org/download.html


Cheers,
Dave


_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel


 

