sometimes i wonder about the alternate universe where everyone who was hacking on Xen didn't get recruited by Docker, Inc.


we could have had nice things. we could have built these nice things right, with proper isolation guarantees.

instead... we got eBPF, XDP and chronic depression

@libreleah openbsd is great, for what it is. what it is, however, is not what i want.

@ariadne what about other bsd e.g. freebsd, dragonfly

@ariadne Ah yes, eBPF, the thing that I made sure to not have on my gentoo machines. (And I guess I'll end up changing Alpine's kernel config)

@ariadne XDP always reminds me of DPDK despite them being rather different. and I just want to forget DPDK exists because it has caused me a lot of pain.

@ariadne If you have time, care to give your thoughts in adamierymenko.com/privileged-p? I've been thinking a lot about isolation, security, etc and still trying to figure out how to model my infra.

@Nulo like 10 years ago, I sent a patch to LKML adding a sysctl that, when enabled, gave every process CAP_NET_BIND_SERVICE by default, but it got rejected.

@Nulo and so largely i think that the port 1024 restriction is outdated, but the powers that be seem to disagree.
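The restriction under discussion is a capability check: binding a TCP port below `net.ipv4.ip_unprivileged_port_start` (1024 unless changed) requires `CAP_NET_BIND_SERVICE` in the caller's effective set. The script below is an added example, not code from the thread or from anyone in it; it reads the sysctl boundary, decodes the effective capability mask from `/proc/self/status`, and tries an actual bind, so a defender can see which of the three a given service is relying on. The capability-number table is a subset of `<linux/capability.h>`, and `SAMPLE_STATUS` is a constructed `/proc` excerpt used only for offline demonstration. Nothing here changes system state.

```python
"""Probe the Linux "privileged ports" rule (added example, not from the thread)."""
import socket

# Subset of capability numbers from <linux/capability.h>; unknown bits
# are reported as CAP_<n> rather than silently dropped.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    7: "CAP_SETUID", 10: "CAP_NET_BIND_SERVICE", 12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW", 19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN",
}

DEFAULT_START = 1024  # kernel default when the sysctl is untouched
SYSCTL_PATH = "/proc/sys/net/ipv4/ip_unprivileged_port_start"

# Constructed sample of /proc/<pid>/status for a service that was handed
# only CAP_NET_BIND_SERVICE (bit 10 -> 0x400), e.g. via a unit file with
# AmbientCapabilities=CAP_NET_BIND_SERVICE.
SAMPLE_STATUS = (
    "Name:\tnginx\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000400\n"
    "CapEff:\t0000000000000400\n"
)


def unprivileged_port_start(path=SYSCTL_PATH):
    """Lowest port an unprivileged process may bind; 1024 if the sysctl is absent."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return DEFAULT_START


def decode_caps(hex_mask):
    """Turn a CapEff/CapPrm hex mask into a sorted list of capability names."""
    mask = int(hex_mask, 16)
    return sorted(CAP_NAMES.get(bit, f"CAP_{bit}")
                  for bit in range(64) if mask & (1 << bit))


def effective_caps(status_text=None):
    """Effective capabilities of this process (or of a supplied status excerpt)."""
    if status_text is None:
        with open("/proc/self/status") as f:
            status_text = f.read()
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return decode_caps(line.split()[1])
    return []


def port_needs_cap(port, start=None):
    """True when binding `port` requires CAP_NET_BIND_SERVICE under `start`."""
    if start is None:
        start = unprivileged_port_start()
    return port < start


def try_bind(port, host="127.0.0.1"):
    """Attempt a TCP bind; returns (True, bound_port) or (False, errno)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
            return True, s.getsockname()[1]
        except OSError as e:  # EACCES for the cap check, EADDRINUSE if busy
            return False, e.errno


if __name__ == "__main__":
    start = unprivileged_port_start()
    print(f"unprivileged ports start at {start}")
    print("effective caps:", effective_caps())
    print("sample service caps:", effective_caps(SAMPLE_STATUS))
    for port in (80, 8080):
        ok, detail = try_bind(port)
        print(f"port {port}: needs cap={port_needs_cap(port, start)} "
              f"bind ok={ok} detail={detail}")
```

Run as an unprivileged user, the port 80 attempt fails with `EACCES` while 8080 succeeds; run as root or under a unit with `AmbientCapabilities=CAP_NET_BIND_SERVICE` both succeed, and `effective_caps()` shows why. The per-service grant (a unit-file `AmbientCapabilities=` line or `setcap cap_net_bind_service=+ep` on the binary) is the least-privilege alternative to lowering the sysctl for every process on the host.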

@ariadne I agree, what I am particularly conflicted about is the critique on virtualization and this:
> We'd have to go back and harden its user-mode security. I don't think this is as hard as people think.

@Nulo i think virtualization is fine, but one should try to stick with paravirtualization rather than emulating hardware as qemu does. kvmtool and firecracker show it’s possible to have hardened virtualizers that are still lightweight.

@Nulo basically it comes down to a question of how much attack surface is exposed, from there you can model infrastructure that reduces exposure (paravirt vs full emulation for example)

@ariadne Of course. I knew about firecracker (and crosvm) but not about kvmtool. Something that bothers me is the requirement for virtualization. Yes, most remotely modern hardware has support for it, but some isn't very good or is forcibly disabled by BIOS (I had to mod a laptop's BIOS to get virt.)

Do you think actually decent isolation can be provided without virtualization in the current landscape (say, by just restricting permissions, or also using bwrap or systemd's thing to move things to different namespaces)? Basically asking if you deem Linux "secure enough" for that sort of thing. I understand that Xen or other virtualization-based approaches give better guarantees (after all, they are built with security in mind), but I'm trying to understand the current Linux landscape.

Treehouse Mastodon
