tech-kern archive


Introducing CloudABI: a pure capability-based runtime for NetBSD (and other systems)



Hello NetBSD hackers,

Two weeks ago I gave a talk at BSDCan about something I've been
working on for the last half a year called CloudABI[1]. In short,
CloudABI is an alternative UNIX-like runtime environment that purely
uses capability-based security, strongly influenced by Capsicum[2].

The idea behind CloudABI is that it allows you to (more) safely run
third-party untrusted binaries directly on top of a kernel, without
requiring any system virtualisation (Xen, KVM) or namespace
virtualisation (Jails, Linux cgroups). This is accomplished by
requiring that all dependencies of a program be provided up front
in the form of file descriptors (directories, sockets, shared memory,
etc). An additional advantage is that programs are easier to migrate,
reuse and test.

CloudABI is a pretty compact runtime environment. There are only 57
system calls that shouldn't be too hard to implement. This allows us
to add support for CloudABI to various operating systems, similar to
how the BSDs implement "compat_linux". Software only needs to be
compiled once, but can be run on multiple operating systems. This
makes it a good building block for large-scale computing (clusters,
cloud, etc). Be sure to watch my interview on BSDNow where I give a
couple of example use cases[3].

I want to announce that I have also written a compatibility layer for
NetBSD, available on GitHub[4]. This branch also contains a couple of
changes that should make it easier to add Capsicum support to NetBSD
if there is ever an interest to do so. Right now the NetBSD port
passes ~99% of the unit tests that are part of cloudlibc, CloudABI's C
library[5].

I am currently working on integrating support for CloudABI into
FreeBSD. The end goal would be that it's sufficient to just install a
single port to obtain a full CloudABI toolchain (based on Clang,
libc++, etc)[6] and load a kernel module to be able to execute these
programs.

The reason why I'm sending this email to tech-kern@ is that I would
love to see this happen on the NetBSD side as well. Unfortunately I
have to say I don't know enough people on the project to know who to
talk to. What do you folks think about CloudABI? Do any of you have a
couple of spare cycles to discuss CloudABI support in more detail?
Thanks!

Links:

[1] BSDCan page (with link to slides):
http://www.bsdcan.org/2015/schedule/events/524.en.html
[2] Capsicum: https://www.cl.cam.ac.uk/research/security/capsicum/
[3] BSDNow interview: https://www.youtube.com/watch?v=wYU7H988tYI#t=28m40s
[4] CloudABI support for NetBSD: https://github.com/NuxiNL/netbsd
[5] cloudlibc on GitHub: https://github.com/NuxiNL/cloudlibc
[6] CloudABI packages for FreeBSD:
https://www.freebsd.org/cgi/ports.cgi?query=cloudabi&stype=all

Best regards,
-- 
Ed Schouten <ed%nuxi.nl@localhost>
Nuxi, 's-Hertogenbosch, the Netherlands
KvK/VAT number: 62051717
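
The model described in the message, where a program receives its dependencies up front as file descriptors, can be sketched in plain POSIX C. This is an added example, not code from the email, CloudABI or cloudlibc; `cap_open`, `read_config`, `make_sandbox_dir` and `app.conf` are hypothetical names, and the path checks are a userspace stand-in (an assumption) for what a capability kernel enforces itself.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>

/* Userspace stand-in (assumption) for what a capability kernel enforces:
 * open `path` only beneath `dirfd`; refuse absolute paths and "..". */
int cap_open(int dirfd, const char *path, int flags) {
    if (path[0] == '/') { errno = EPERM; return -1; }
    for (const char *p = path; *p; ) {
        size_t n = strcspn(p, "/");          /* length of this component */
        if (n == 2 && p[0] == '.' && p[1] == '.') { errno = EPERM; return -1; }
        p += n;
        while (*p == '/') p++;               /* skip separators */
    }
    return openat(dirfd, path, flags | O_NOFOLLOW | O_CLOEXEC);
}

/* The "program": names no global path, uses only the descriptor it got. */
ssize_t read_config(int dirfd, char *buf, size_t len) {
    int fd = cap_open(dirfd, "app.conf", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, len);
    close(fd);
    return n;
}

/* The "launcher": builds a constructed sample directory, returns its fd. */
int make_sandbox_dir(void) {
    char tmpl[] = "/tmp/capdemoXXXXXX";
    int dirfd = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1;
    if (dirfd < 0) return -1;
    int fd = openat(dirfd, "app.conf", O_WRONLY | O_CREAT | O_EXCL, 0600);
    int ok = fd >= 0 && write(fd, "mode=demo\n", 10) == 10;
    if (fd >= 0) close(fd);
    if (!ok) { close(dirfd); return -1; }
    return dirfd;
}

int main(void) {
    char buf[64];
    int dirfd = make_sandbox_dir();
    printf("config bytes read: %zd\n", read_config(dirfd, buf, sizeof buf));
    printf("escape attempt:    %d\n", cap_open(dirfd, "../etc/passwd", O_RDONLY));
    return 0;
}
```

`O_NOFOLLOW` only guards the final path component, so this userspace check does not stop a symlink in an intermediate directory; that gap is why the enforcement belongs in the kernel.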


