From: John Howard
Date: Wed, 17 Jul 2024 14:06:54 -0500
Subject: Re: [developer] A couple of kernel questions
Message-Id: <2C0B1E37-C4FD-496D-A6F0-58008D9F9E30@gmail.com>
References: <48-6697c700-1d7-71122080@11933559>
In-Reply-To: <48-6697c700-1d7-71122080@11933559>
To: illumos-developer

Hello Lonnie.

PGDb sounds interesting to me. (I think ZFS allows sysop-defined attributes. Consider adding a temporal attribute to allow time restrictions assigned to executables.)

I am not an illumos expert. I migrated from Windows to Linux to FreeBSD, then illumos for a while.

My home PC came under incessant attacks from foreign enemies. It started with me downloading a Russian source of a Computer Modern TrueType font. Thrashed to death my Microsoft XP hard disks. So I tried using Fedora and RedHat Linux. Attacker erased them immediately. Tried using FreeBSD, same result. Tried using OpenIndiana illumos with ZFS. Attacker immediately erased all my partitions. Tried using Debian, and was finally safe. Internet Service Provider (Time Warner Cable) was no help.

One suggestion I have is to eliminate the closed-bins BLOB from illumos. Build your own illumos. Arm64 illumos server theoretically should use less electricity than Intel. And Raspberry Pi PC's are the cheapest. Use Arm64 hardware features for security and virtualization.

Simplicity beats complexity.

-- John

On Jul 17, 2024, at 8:28 AM, Lonnie via illumos-developer wrote:

Hello All,

While still being new to Illumos (coming from the Linux/FreeBSD world) and ramping up a project that will be based upon either SmartOS, OmniOS, or Tribblix, and having recently posted a question asking about the possibility and challenges to implement a type of application sandbox feature that seems to have come out in Solaris 11.4, I had just a couple of other questions for the developers list while I move to get set up to compile Illumos for some initial testing and explorations.

1. As Illumos is designed for zones (VMs), I am wondering if there are driver and service zones implemented such that if a driver crashes then it does not heavily impact the OS in operation? From what I understand so far, the drivers and system-wide services are installed in the Global-Zone, which makes me think of the Xen Type-1 Hypervisor in which these things are installed in their Dom0, which is similar to the Illumos Global-Zone (GZ).

2. Another crazy thought that I had was about the possibility of investigating what it might take to (fork illumos for an experiment) and try to remove the dependencies on a hierarchical tree-based filesystem and to implement a type of "Property-Graph Database (PGDb)" filesystem. The rationale here is that a hierarchical tree-based filesystem can easily be represented as well, but that a PGDb filesystem also allows for assigning new types of attributes to files, blocks, objects, users, etc. and thus allowing for granular security on users at the application level. Users can be allowed/disallowed to see/access application/files/block/objects and only authorized applications are "mapped" to a particular user.

3. I could see that when a user does a login, then a blank empty zone is set up, at which time their configured files and directories are mapped in to their container zone and only allowed applications are used. The users cannot escape their zone and do not have access to the rest of the system unless privileges are elevated. I know that "zlogin" can do this from the GZ, but perhaps automatically and with full console since graphic display will be needed.

4. One need that may be a challenge to get done will be the need for an enable/disable consoles feature such that a local user could use a hot-key (API call) to switch between zone consoles, which would include graphics, audio, etc. This would be akin to running multiple VirtualBox OSs, or VMware Guests, in which you can step through the guest graphic tabs in fullscreen mode, perhaps. I am seeking to replicate that idea in Illumos to step through guests (maybe in Bhyve or native zones) that are in their own configured zone, which is the thought.

I am not sure how these things might be approached and/or tackled in illumos but wanted to start investigating them one by one and build up as the project evolves.

There are a few other ideas that I have, but namely the driving thoughts are on strict separation between applications and user data as well as user isolation while mapping in only the specific applications (which will also run sandboxed or in thin-zones) and data that are needed. It's about building an extremely secure OS that minimizes the attack surface should drivers/applications/bad-actor users interact with the OS while still offering high configurability.

Well, I thought that I would ask these questions here since they are more kernel related than OS configuration related and hope that you also find them interesting, although they may have already been considered in the past as well.

Best Regards and have a great day,
Lonnie

------------------------------------------
illumos: illumos-developer
Permalink: https://illumos.topicbox.com/groups/developer/Tf2a2de95f2063204-M63510774f96f3916dedce355
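A worked sketch of item 3 in Lonnie's message, added here as an example that is not code from the thread or from any illumos distribution: a POSIX shell function that emits a zonecfg(8) command file for a per-user zone with the user's home and a read-only allowed-application directory mapped in via lofs. The /zones zonepath prefix, the /opt/apps in-zone mount point and the brand name are assumptions; the username is validated before it is interpolated, because the generated file is applied with root privilege in the global zone.

```shell
#!/bin/sh
# Added example, not from the thread. Emit a zonecfg(8) command file for a
# per-user "thin" zone: a blank zone, the user's home mapped in via lofs, and
# an allowed-application directory mapped in read-only.
# Assumed (not from the page): zonepath prefix /zones, in-zone application
# mount point /opt/apps; the brand name differs per distribution, so the
# caller passes it in.

# gen_user_zone USER BRAND APPDIR -> zonecfg commands on stdout, 1 on bad input
gen_user_zone() {
    user=$1 brand=$2 appdir=$3
    # Reject anything outside [a-z0-9_]: the output is fed to zonecfg as root,
    # so an unchecked name could smuggle extra "set ..." lines into the file.
    case "$user" in
        ""|*[!a-z0-9_]*) echo "gen_user_zone: bad username" >&2; return 1 ;;
    esac
    cat <<EOF
create -b
set zonepath=/zones/u-$user
set brand=$brand
set autoboot=false
set ip-type=exclusive
add fs
set dir=/home/$user
set special=/export/home/$user
set type=lofs
end
add fs
set dir=/opt/apps
set special=$appdir
set type=lofs
add options ro
end
EOF
}

# Typical use from the global zone (shown for context, not run here):
#   gen_user_zone alice lipkg /opt/allowed-apps > /tmp/u-alice.cfg
#   zonecfg -z u-alice -f /tmp/u-alice.cfg
#   zoneadm -z u-alice install && zoneadm -z u-alice boot
#   zlogin -C u-alice    # attach the zone console, as item 3 describes
```

The user inside the zone sees only /home/<user> and the read-only /opt/apps tree; everything else comes from the zone's own root, so escaping to global-zone data requires an explicit extra fs mapping rather than being the default.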