
Re: [MirageOS-devel] Mirage threads on qubes-users



On 4/10/19 6:54 AM, Thomas Leonard wrote:

There are quite a lot of threads about mirage on the qubes-users list
at the moment. Feel free to jump in...

https://groups.google.com/forum/#!topic/qubes-users/xfnVdd1Plvk
(qubes-mirage-firewall 0.5)
https://groups.google.com/forum/#!topic/qubes-users/Tb0SGEznJhs
(qubes-mirage-firewall chaining)
https://groups.google.com/forum/#!topic/qubes-users/BnL0nZGpJOE
(Looking to edit rules.ml of my mirage-firewall VM but since I cannot
run shell, IDK what to do)
https://groups.google.com/forum/#!topic/qubes-users/GOC_VpIzu3A  (just
dreaming: mirage-tor ?)

In particular, https://groups.google.com/d/msg/qubes-users/xfnVdd1Plvk/H7oApN9rCQAJ
is asking about PVH and I'm not sure what to say about that.

Thanks for drawing attention to this -- I've been elbow-deep in tricky ICMP error cases with @linse this week and didn't want to page that out, but I'm now coming up for air.  Some folks here might also be interested in an update on where exactly the unikraft/PVH/Xen-background work sits.

There are a few separate threads of work going on:

1. build a Xen support library from the unikraft project's platform, instead of Mini-OS (heretofore "xenplat")

2. build and link ocaml-freestanding against "xenplat", replacing the mirage-xen-posix and mirage-xen-ocaml packages in the mirage-platform repo

3. build mirage-xen on top of ocaml-freestanding and xenplat

4. deliver PVH support, in addition to PV support, in the new Xen stack

1, 2, and 3 are not strict prerequisites for 4, but they are crucial for keeping a maintainable Xen stack in the future. Instead of building more work on top of our Mini-OS fork (represented in the mirage-xen-minios opam package), I did a bunch of work on 1, 2, and 3 (probably now requiring rebasing again, as I last did so during the retreat in March).  TL;DR - it sort of works, it's not quite ready for prime time; I've needed to do a couple days more of work on it for about a month.

The progress on 1, 2, and 3 gives enough of a working build stack to get to the point where Marek from QubesOS was able to contribute a bunch of work on 4 at the hack retreat, for which I'm extremely grateful.  Discussion on upstreaming that work in unikraft is ongoing on the minios-devel mailing list: you can see it at https://lists.xenproject.org/archives/html/minios-devel/2019-04/msg00146.html .

I'm also not quite sure what to say about that to someone who just wants to know when they can get rid of the big red warning message in qubes-qube-manager about how insecure PV is.  "WIP; stay tuned" is the TL;DR though.

-Mindy


_______________________________________________
MirageOS-devel mailing list
MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/mirageos-devel

 

