Separating native applications and a complete Linux environment on Genode
Christian Helmuth
christian.helmuth at ...1...
Wed May 18 17:51:07 CEST 2011
Hi Magnus,
actually, we make use of scenarios like the one you describe to
promote Genode and, therefore, it should fit your needs well.
On Wed, May 18, 2011 at 09:55:29AM +0200, Magnus Andersson wrote:
> As I understand you can run both native Qt-apps on the microkernel and also
> a Linux environment, but how are they separated? if someone manage, lets
> say, a buffer owerflow in Linux how far down the tree will it reach? Can it
> break the complete system?
Let's assume you will give Genode on OKL4 a try as this would bring
all the features you need. The paravirtualized OKLinux runs as regular
OKL4 task beside other services and your applications. Thus, it is
subject to the microkernels isolation properties and cannot access
virtual memory of ther tasks directly. Regarding inter-process
communication Genode _could_ limit the potential communication
partners through its capability-based security model. Unfortunately,
the OKL4 2.1 kernel does not provide the appropriate basis mechanism.
Genode platforms fully supporting capability-based security are Nova
and Fiasco.OC.
The communication between OKLinux and its parent node is limited by
the parent interface, which supports: creation and finalization of
sessions to servers as well as service announcement. Each of these
operations is subject to policy decisions in the parent node, that,
e.g., would not allow OKLinux to announce a fake system service. (see
http://genode.org/documentation/release-notes/10.05#section-0).
> And another question, for the live-cd image you fire up a console (maybe
> Busybox), can you give me any hints on how to make it work or do I need to
> download it and port it from scratch?
You can find the initial ramdisk image on the CD as "initrd.gz". As
far as I know this is a slightly modified TinxCoreLinux initrd, but
the standard Busybox initrd should work too.
Regards
--
Christian Helmuth
Genode Labs
http://www.genode-labs.com/ · http://genode.org/ · /ˈdʒiː.nəʊd/
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
More information about the users
mailing list