Hi
I'm looking for a solution for running one or more applications (preferably Qt apps) on a microkernel and, alongside those apps, running a complete Linux environment. The thing is that the Qt apps can be trusted (i.e., somewhat trusted, since these are built in-house and should not contain any malicious code) and the Linux environment cannot be trusted, since this will be open for others to develop applications for.
My first thought was that I should use a virtualization solution, but one of the requirements is that all apps should be visible on screen, and preferably be able to use hardware acceleration.
As I understand it, you can run both native Qt apps on the microkernel and also a Linux environment, but how are they separated? If someone manages, let's say, a buffer overflow in Linux, how far down the tree will it reach? Can it break the complete system?
And another question: for the live CD image, you fire up a console (maybe BusyBox). Can you give me any hints on how to make it work, or do I need to download it and port it from scratch?
Thanks in advance!
//Magnus
Hi Magnus,
Actually, we make use of scenarios like the one you describe to promote Genode and, therefore, it should fit your needs well.
On Wed, May 18, 2011 at 09:55:29AM +0200, Magnus Andersson wrote:
> As I understand it, you can run both native Qt apps on the microkernel and also a Linux environment, but how are they separated? If someone manages, let's say, a buffer overflow in Linux, how far down the tree will it reach? Can it break the complete system?
Let's assume you will give Genode on OKL4 a try, as this would bring all the features you need. The paravirtualized OKLinux runs as a regular OKL4 task beside other services and your applications. Thus, it is subject to the microkernel's isolation properties and cannot access the virtual memory of other tasks directly. Regarding inter-process communication, Genode _could_ limit the potential communication partners through its capability-based security model. Unfortunately, the OKL4 2.1 kernel does not provide the appropriate basic mechanism. Genode platforms fully supporting capability-based security are NOVA and Fiasco.OC.
The communication between OKLinux and its parent node is limited by the parent interface, which supports creation and finalization of sessions to servers as well as service announcement. Each of these operations is subject to policy decisions in the parent node, which, e.g., would not allow OKLinux to announce a fake system service (see http://genode.org/documentation/release-notes/10.05#section-0).
> And another question: for the live CD image, you fire up a console (maybe BusyBox). Can you give me any hints on how to make it work, or do I need to download it and port it from scratch?
You can find the initial ramdisk image on the CD as "initrd.gz". As far as I know this is a slightly modified TinyCore Linux initrd, but the standard BusyBox initrd should work too.
Regards
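The parent-interface argument in the reply above (sessions and service announcements are requests to the parent, and the parent's policy decides) can be made concrete with a small model. The following is an added illustration written for this thread, not Genode code: the `ParentNode`, `Policy` and `PolicyViolation` names, the child labels `oklinux` and `qt_app`, the service names and the policy table are all constructed assumptions. It shows why a compromised OKLinux cannot impersonate a system service such as the GUI server, and why it cannot reach services it was never granted, while a trusted Qt app still reaches both the system services and the legitimate service Linux announced.

```python
"""Toy model of a parent node mediating service announcement and session
creation. Constructed illustration for this thread, not Genode's own API:
every name and the service/policy tables below are assumptions."""

from dataclasses import dataclass, field

# Services the trusted parent itself provides; a child may never claim them.
# (Treating the GUI server "Nitpicker" as parent-provided is a modelling choice.)
SYSTEM_SERVICES = {"ROM", "RAM", "CPU", "PD", "LOG", "Nitpicker"}


class PolicyViolation(Exception):
    """Raised when the parent refuses a child's request."""


@dataclass
class Policy:
    may_announce: dict = field(default_factory=dict)  # child -> services it may offer
    may_use: dict = field(default_factory=dict)       # child -> services it may open


@dataclass
class ParentNode:
    policy: Policy
    announced: dict = field(default_factory=dict)   # service name -> providing child
    sessions: list = field(default_factory=list)    # (client, service, provider)
    audit: list = field(default_factory=list)       # every decision, for inspection

    def announce(self, child, service):
        """Child asks the parent to route future sessions for `service` to it."""
        if service in SYSTEM_SERVICES:
            self._deny(child, "announce", service, "collides with system service")
        if service not in self.policy.may_announce.get(child, set()):
            self._deny(child, "announce", service, "not permitted by policy")
        if service in self.announced:
            self._deny(child, "announce", service, "already announced")
        self.announced[service] = child
        self.audit.append(f"allow {child} announce {service}")

    def create_session(self, client, service):
        """Client asks for a session; the parent, never the client, picks the provider."""
        if service not in self.policy.may_use.get(client, set()):
            self._deny(client, "session", service, "not permitted by policy")
        provider = "parent" if service in SYSTEM_SERVICES else self.announced.get(service)
        if provider is None:
            self._deny(client, "session", service, "no such service")
        self.sessions.append((client, service, provider))
        self.audit.append(f"allow {client} session {service} -> {provider}")
        return provider

    def close_session(self, client, service):
        """Finalize a session; the parent drops its bookkeeping entry."""
        self.sessions = [s for s in self.sessions if s[:2] != (client, service)]

    def _deny(self, child, op, service, why):
        self.audit.append(f"deny {child} {op} {service}: {why}")
        raise PolicyViolation(f"{child} {op} {service}: {why}")


def demo():
    """Run the scenario from the thread against the model; returns (results, audit)."""
    policy = Policy(
        may_announce={"oklinux": {"Terminal"}},            # Linux may offer a terminal only
        may_use={"qt_app": {"ROM", "LOG", "Nitpicker", "Terminal"},
                 "oklinux": {"ROM", "LOG"}},               # Linux gets no GUI access
    )
    parent = ParentNode(policy)
    results = {}
    parent.announce("oklinux", "Terminal")                 # legitimate announcement
    for fake in ("Nitpicker", "LOG"):                      # impersonation attempts
        try:
            parent.announce("oklinux", fake)
            results[fake] = "allowed"
        except PolicyViolation:
            results[fake] = "denied"
    results["gui"] = parent.create_session("qt_app", "Nitpicker")   # -> "parent"
    results["term"] = parent.create_session("qt_app", "Terminal")   # -> "oklinux"
    try:
        parent.create_session("oklinux", "Nitpicker")
        results["linux_gui"] = "allowed"
    except PolicyViolation:
        results["linux_gui"] = "denied"
    parent.close_session("qt_app", "Terminal")
    return results, parent.audit


if __name__ == "__main__":
    res, log = demo()
    print(res)
    print("\n".join(log))
```

The point of the model is the choke point: a child never names its peer, it only asks the parent, and the parent's static policy plus the reserved system-service names decide what is reachable. A memory-corruption bug inside the Linux guest changes what the guest asks for, not what the parent grants.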