Hi Magnus,
actually, we make use of scenarios like the one you describe to promote Genode and, therefore, it should fit your needs well.
On Wed, May 18, 2011 at 09:55:29AM +0200, Magnus Andersson wrote:
> As I understand you can run both native Qt-apps on the microkernel and also a Linux environment, but how are they separated? If someone manages, let's say, a buffer overflow in Linux, how far down the tree will it reach? Can it break the complete system?
Let's assume you will give Genode on OKL4 a try as this would bring all the features you need. The paravirtualized OKLinux runs as a regular OKL4 task beside other services and your applications. Thus, it is subject to the microkernel's isolation properties and cannot access the virtual memory of other tasks directly. Regarding inter-process communication, Genode _could_ limit the potential communication partners through its capability-based security model. Unfortunately, the OKL4 2.1 kernel does not provide the appropriate basic mechanism. Genode platforms fully supporting capability-based security are NOVA and Fiasco.OC.
The communication between OKLinux and its parent node is limited by the parent interface, which supports: creation and finalization of sessions to servers as well as service announcement. Each of these operations is subject to policy decisions in the parent node, which, e.g., would not allow OKLinux to announce a fake system service (see http://genode.org/documentation/release-notes/10.05#section-0).
> And another question: for the live-CD image you fire up a console (maybe Busybox). Can you give me any hints on how to make it work, or do I need to download it and port it from scratch?
You can find the initial ramdisk image on the CD as "initrd.gz". As far as I know, this is a slightly modified TinyCoreLinux initrd, but the standard Busybox initrd should work too.
Regards