From: Lonnie Cumberland
Date: Wed, 17 Jul 2024 16:05:20 -0400
Subject: Re: [developer] A couple of kernel questions
To: developer@lists.illumos.org

Hi All,

I have a follow-up question on the illumos kernel.

Can the illumos kernel allow for VGA and Audio pass-through from a User Zone? I am trying to discover how it might be possible to pass the console to a Zone that might be running a guest Bhyve and somehow work out to have the guest OS using the console instead of the Global Zone. This is not really the same as using zlogin in text mode but I do not have a complete picture in my mind on what might be, or not, achievable from the kernel perspective.

I guess that this would be a similar question for GPU pass-through from a non-Global Zone.

Any thoughts?

Thanks in advance,
Lonnie

On 7/17/2024 9:28 AM, Lonnie via illumos-developer wrote:
> Hello All,
>
> While still being new to Illumos (coming from the Linux/FreeBSD world) and ramping up a project that will be based upon either SmartOS, OmniOS, or Tribblix, and having recently posted a question asking about the possibility and challenges to implement a type of application sandbox feature that seems to have come out in Solaris 11.4, I had just a couple of other questions for the developers list while I move to get set up to compile Illumos for some initial testing and explorations.
>
> 1. As Illumos is designed for zones (VMs), I am wondering if there are driver and service zones implemented such that if a driver crashes then it does not heavily impact the OS in operation? From what I understand so far, the drivers and system-wide services are installed in the Global-Zone which makes me think of the Xen Type-1 Hypervisor in which these things are installed in their Dom0 which is similar to the Illumos Global-Zone (GZ).
>
> 2. Another crazy thought that I had was about the possibility of investigating what it might take to (fork illumos for an experiment) and try to remove the dependencies on a hierarchal tree-based filesystem and to implement a type of "Property-Graph Database (PGDb)" filesystem. The rationale here is that a hierarchal tree-based filesystem can easily be represented as well but that a PGDb filesystem also allows for assigning new types of attributes to files, blocks, objects, users, etc. and thus allowing for granular security on users at the application level. Users can be allowed/disallowed to see/access application/files/block/objects and only authorized applications are "mapped" to a particular user.
>
> 3. I could see that when a user does a login, then a blank empty zone is set up at which time their configured files, directories are mapped into their container zone and allowed applications are only used. The users cannot escape their zone and do not have access to the rest of the system unless privileges are elevated. I know that "zlogin" can do this from the GZ, but perhaps automatically and full console since graphic display will be needed.
>
> 4. One need that may be a challenge to get done will be the need for enable/disable consoles such that a local user could use a hot-key (API call) to switch between zone consoles which would include graphics, audio, etc. This would be akin to running multiple VirtualBox OSs, or VMware Guests in which you can step through the guest graphic tabs in fullscreen mode, perhaps. I am seeking to replicate that idea in Illumos to step through guests (maybe in Bhyve or native zones) that are in their own configured zone which is the thought.
>
> I am not sure how these things might be approached and/or tackled in illumos but wanted to start investigating them one by one and build up as the project evolves.
>
> There are a few other ideas that I have but namely the driving thoughts are on strict separation between applications and user data as well as user isolation while mapping in only the specific applications (which will also run sandboxed or in thin-zones) and data that are needed. It's about building an extremely secure OS that minimizes the attack surface should drivers/applications/bad-actor users interact with the OS while still offering high configurability.
>
> Well, I thought that I would ask these questions here since they are more kernel related than OS configuration related and hope that you also find them interesting although they may have already been considered in the past as well.
>
> Best Regards and have a great day,
> Lonnie

