
Re: [MirageOS-devel] vchan/xenstore in Qubes r3



On 22 June 2014 12:00, Dave Scott <Dave.Scott@xxxxxxxxxx> wrote:
>
> On 22 Jun 2014, at 11:44, Thomas Leonard <talex5@xxxxxxxxx> wrote:
>
>> On 21 June 2014 15:53, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
>>> On 21 Jun 2014, at 10:02, Thomas Leonard <talex5@xxxxxxxxx> wrote:
>>>
>>>> On 21 June 2014 08:58, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
>>>>> A very interesting article from Joanna on the new r3 alpha of QubesOS.
>>>>>
>>>>> http://theinvisiblethings.blogspot.in/2013/06/qubes-os-r3-alpha-preview-odyssey-hal.html
>>>>>
>>>>> - Qubes uses upstream Xen vchan now, which means that we "should" 
>>>>> interoperate with the ocaml-vchan library.
>>>>>
>>>>> - They've replaced Xenstore with a simpler transport that removes 
>>>>> permissions and uses vchan under the hood.  This is also something that 
>>>>> should be easier to do with Dave's oxenstore+irmin, since many of the 
>>>>> components such as xenstore_transport are functorized, and of Irmin can 
>>>>> serialize to several formats including Git, for reconciliation with 
>>>>> external databases.
>>>>>
>>>>> - Qubes looks like an excellent candidate for a 'unikernel' desktop OS!  
>>>>> I'm going to try it when I hunt down a PC laptop, but if anyone else gets 
>>>>> a chance I'd be interested in hearing about it.
>>>>
>>>> I haven't tried the new alpha, but I tried the previous version of
>>>> Qubes on my new laptop when it first arrived (actually, being able to
>>>> try Qubes was one of the reasons I wanted a laptop with Intel
>>>> graphics).
>>>
>>> Woops, this was indeed a year-old blog post as Dave points out.  It's
>>> still being very actively developed though:
>>>
>>> http://www.qubes-os.org/trac/timeline
>>>
>>>>
>>>> One interesting thing for Mirage: they have a separate domain (NetVM)
>>>> for network drivers, and another for the firewall (FirewallVM):
>>>>
>>>> http://wiki.qubes-os.org/trac/wiki/QubesFirewall
>>>>
>>>> FirewallVM is a complete Linux system and requires several hundred MB,
>>>> as shown in this screenshot:
>>>>
>>>> http://wiki.qubes-os.org/trac/attachment/wiki/QubesScreenshots/r2b2-software-update.png
>>>
>>> That is an interesting application indeed!  The other thing that would
>>> be useful is a key management VM (which could expose an ssh-agent-like
>>> socket proxy via vchan into another domain, to protect against kernel
>>> exploits revealing).
>>>
>>>>
>>>> In the end, I only tried it for a few hours before wiping it and
>>>> installing Arch instead. Some other problems were that there is no
>>>> tiling window manager available, and you can't run VirtualBox on Xen.
>>>> Qubes doesn't offer graphics acceleration for guests (due to the focus
>>>> on security), which would probably mess up gotomeeting.
>>>
>>> Out of curiosity, are you running Xen on your laptop at the moment
>>> (and if so, which distribution do you use?).  I haven't set it up for
>>> a while, but everyone I talk to seems to have issues with power
>>> management, although pv_ops does allegedly support passing this through
>>> from dom0->Xen without issue.
>>
>> On the laptop I don't run Xen directly. For testing, I run it under
>> Virtual Box (Mirage works fine that way, but I can't run HVM guests).
>>
>> I still have power issues though! If I suspend the host, then the Xen
>> VM dies for some reason and needs to be rebooted.
>>
>> I am tempted to run Xen directly on the laptop, but I suspect it
>> wouldn't be as slick for graphical guests (pointer and clipboard
>> integration, graphics acceleration, etc). I tried running Windows
>> under KVM with virt-manager and it wasn't very usable. I imagine Xen
>> would be the same.
>
> For Linux guests I've heard good things about SPICE with KVM, including 
> support for resolution changing and multiple monitors. The SPICE code is 
> mainly in Linux and in qemu, so Xen systems should be able to use it too 
> (although I hear this might need some fixes only present in Xen 4.5)
>
> For Windows guests I use RDP quite a lot, although I bet it's not smoothly 
> integrated into virt-manager.
>
> I've not tried it, but you could try windows SPICE drivers:
>
> http://www.spice-space.org/download.html

I think I was using SPICE with KVM, but it didn't seem as smooth as
with Virtual Box.

I just tried installing Xen from Arch, but then my laptop wouldn't
boot. I couldn't use the laptop keyboard, and the external keyboard
didn't work when connected through an external hub. After connecting
it directly I could type, but X wouldn't start. I suspect this is the
fault of the Arch Xen package, as Qubes did work on the same machine,
but I think I'll stick to VB for now...


-- 
Dr Thomas Leonard        http://0install.net/
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
GPG: DA98 25AE CAD0 8975 7CDA  BD8E 0713 3F96 CA74 D8BA

_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

 

