
sometimes i wonder about the alternate universe where everyone who was hacking on Xen didn't get recruited by Docker, Inc.

we could have had nice things. we could have built these nice things right, with proper isolation guarantees.

instead... we got eBPF, XDP and chronic depression

@libreleah openbsd is great, for what it is. what it is, however, is not what i want.

@ariadne what about other bsd e.g. freebsd, dragonfly

@ariadne Ah yes, eBPF, the thing that I made sure to not have on my gentoo machines. (And I guess I'll end up changing Alpine's kernel config)

@ariadne XDP always reminds me of DPDK despite them being rather different. and I just want to forget DPDK exists because it has caused me a lot of pain.

@ariadne If you have time, care to give your thoughts in adamierymenko.com/privileged-p? I've been thinking a lot about isolation, security, etc and still trying to figure out how to model my infra.

@Nulo like 10 years ago, I sent a patch to LKML adding a sysctl that, when enabled, gave every process CAP_NET_BIND_SERVICE by default, but it got rejected.

@Nulo and so largely i think that the port 1024 restriction is outdated, but the powers that be seem to disagree.

@ariadne I agree, what I am particularly conflicted about is the critique on virtualization and this:
> We'd have to go back and harden its user-mode security. I don't think this is as hard as people think.

@Nulo i think virtualization is fine, but one should try to stick with paravirtualization rather than emulating hardware as qemu does. kvmtool and firecracker show it’s possible to have hardened virtualizers that are still lightweight.

@Nulo basically it comes down to a question of how much attack surface is exposed; from there you can model infrastructure that reduces exposure (paravirt vs full emulation, for example).

@ariadne Of course. I knew about firecracker (and crosvm) but not about kvmtool. Something that bothers me is the requirement for virtualization. Yes, most remotely modern hardware has support for it, but some isn't very good or is forcibly disabled by BIOS (I had to mod a laptop's BIOS to get virt.)

Do you think actually decent isolation can be provided without virtualization in the current landscape (say, by just restricting permissions, or also using bwrap or systemd's thing to move things to different namespaces)? Basically asking if you deem Linux "secure enough" for that sort of thing. I understand that Xen or other virtualization-based approaches give better guarantees (after all, they are built with security in mind), but I'm trying to understand the current Linux landscape.

Is that really a thing? I don't think my Xen contact left yet... 🤔

@feld yeah basically the entire SRG group at cambridge got recruited by docker, and then docker bought unikernel systems to get the rest of the SRG group. the early 2010s equivalent of the MIT AI lab buyout :)

@feld citrix has a couple of people still working on it, but almost everyone is at docker these days, in fact Justin is CTO now

@ariadne remember the Xe manifesto? It sounds a lot like what kubernetes (over)promises.

@javierg kubernetes is mostly fine, except for the shared kernel environment between tenants, but you can solve that with stuff like firecracker

Treehouse Mastodon