Capability security in linux: genode / systemd

[dckc]

how analagous is cloudabi to noux?

how about https://github.com/seL4/refos ?

mem_map looks tricky.

https://github.com/genodelabs/genode/blob/master/repos/ports/src/lib/libc_noux/plugin.cc#L1025

slide 11 of https://www.slideshare.net/sartakov/genode-compositions

Related

• 144

• 49

[dckc]

2020-05-28 Genode OS Framework 20.05 with Capability-based security using seccomp on Linux, https://genode.org/documentation/release-notes/20.05#Capability-based_security_using_seccomp_on_Linux

"All Genode processes get restricted to just 25 syscalls on x86," https://github.com/genodelabs/genode/blob/78497c03ca3640e78a6d6f21be2bbd6a446dd458/tool/seccomp/seccomp_bpf_compiler.h#L84

[dckc]

genodepkgs, take 2

~ehmry/genodepkgs uses nix to build packages for genode. And if that isn't cool enough, it uses dhall on top.

I updated from d086d68 Jan 24 to 46c65613. My first attempt to build didn't get far:

connolly@jambox:~/projects/genodepkgs$ nix build .#checks.x86_64-linux.nova-x86
warning: unknown setting 'experimental-features'
error: don't know what to do with argument '.#checks.x86_64-linux.nova-x86'
Try 'nix --help' for more information.

so I tried nix upgrade-nix to version 2.3.5 but still no joy:

[nix-shell:~/projects/genodepkgs]$ nix flake show .
warning: flake 'git+file:///home/connolly/projects/genodepkgs?ref=master&rev=46c65613022be76c938f1541a07dc5552b4b64d2' has deprecated attribute 'edition'
error: unexpected flake input attribute 'uri', at /nix/store/3r3000m61d24kv399h6znqg2cgb9qyq8-source/flake.nix:8:3

Based on Nix Flakes, Part 1: An introduction and tutorial I went into nix-shell -I nixpkgs=channel:nixos-20.03 -p nixFlakes but lost again. Then I changed .uri to .url and that seemed to make it happy.

• 20:16:00 it starts! Downloading ehmry/nixpkgs/tarball was really slow (it's not that big but github didn't seem to want to serve it up quickly). It got there just as I was about to give up on it.
• 20:23:49 querying a zillion things...
• 20:24:13 195/657 MiB downloaded
• 20:24:37 0/280 built, though that denominator is dropping... in other words: "downloading 0.5 internets". vala is in there. wild.
• 20:25:59 1/0/120 built
• 20:27:58 hm. stuck? [1/0/120 built, 530/537 copied (3634.5/3665.8 MiB), 655.5/657.2 MiB DL] building 20.05.tar.gz: 100 124 100 124 0
• 20:28:45 ah. no, it made some more progress. building cmake-3.16.5. odd... that's not in a build cache? woah! CPU is pegged. all of them!
• 20:36:34 [1/15/118 built, 537 copied (3663.9/3665.8 MiB), 657.6 MiB DL] building libbfd-2.31.1
  • I wonder: is the output I'm going to get likely to be byte-for-byte the same as what ehmry gets when he builds rev 46c65613?
• 20:44:15 building llvm-8.0.1 ugh. am I cross-compiling for genode? I wonder how to tell
• 21:03:53 building llvm-8.0.1 still

Appendix: Take 1: Jan 24

genodepkgs does not provide attribute checks... — sourcehut lists

connolly@jambox:~/projects/genodepkgs$ git log -n1 --pretty='%h %ai %s'
d086d68 2020-01-24 19:05:45 +0100 Update genode-depot flake

connolly@jambox:~/projects/genodepkgs$ ls -ltr
total 44
-rw-rw-r--  1 connolly connolly 6157 Jan 24 19:34 README.md
...

[ehmry]

Be aware that CloudABI still uses the %fs (or %gs on Darwin) segment register for TLS. For performance reasons these registers are not retained across context switches for the NOVA kernel, if not other L4 kernels. Unfortunately CloudABI binary compatibility is not possible with Genode and x86. ARM might be different story however.

[dckc]

Good to know about CloudABI vs. genode but CloudABI seems to be losing steam. And the they way genode support for linux has upgraded from a dev platform to actually having pretty good security properties makes this combination a lot more interesting.

So I'm re-scoping this issue... Um... Oops... I guess the genodepkgs is the other way around: linux on genode.