Most active commenters
  • akavel(3)
  • hyperfekt(3)

←back to thread

Qubes OS: A reasonably secure operating system

(www.qubes-os.org)
441 points ploggingdev | 12 comments | 19 Nov 17 16:06 UTC | HN request time: 0.645s | source | bottom
1. Jeaye ◴[19 Nov 17 17:12 UTC] No.15734704[source]
What I'd really love to see is a marriage between NixOS and Qubes, allowing for full-system declarative configuration, including the various systems which will be running under Qubes.

NixOS has containers that show how this could work, but they're only via systemd-nspawn, so not as jailed as Qube's domUs.

replies(3): >>15735026 #>>15735236 #>>15735329 #
2. akavel ◴[19 Nov 17 18:06 UTC] No.15735026[source]
Me, I'd like to see such a marriage between NixOS and GenodeOS (which provides capabilities management and has the advantage of using a microkernel as base, so much smaller attack surface, aka TSB, than Xen + Linux)

http://www.genode.org/about/index

replies(2): >>15735101 #>>15739616 #
3. Mathnerd314 ◴[19 Nov 17 18:25 UTC] No.15735101[source]
An abandoned attempt: https://github.com/ehmry/genode-nix
replies(1): >>15735497 #
4. hyperfekt ◴[19 Nov 17 18:51 UTC] No.15735236[source]
What a coincidence. I've actually been trying to sketch out how to do this in the past few days.

I've also been looking at how projects like Hypercontainer and Clear Containers achieve minimal VM overhead to expand the model to a per-application-instance VM.

Another interesting enabling technology is VirtFS, which can be used for filesystem-level storage virtualization to gain the many benefits of COW and shared caching.

The principal question then is how to allow interaction between different application instances without the user having to manually ferry files between them, as it currently happens with AppVMs on Qubes.

replies(1): >>15735379 #
5. trizinix ◴[19 Nov 17 19:07 UTC] No.15735329[source]
I am using both Qubes and Nix(OS) and would love to combine the two somehow. Nix store doesn't mix well with the template system used by Qubes.
6. hateduser2 ◴[19 Nov 17 19:15 UTC] No.15735379[source]
Could they just copy how iOS does interaction? Different menus like the share menu for example or the password manager menu? I can’t really think of what interaction I need besides maybe ide or terminal stuff.. are both of those systems restrained by qubes? Every bash command is in its own vm? Even so the terminal should still be able to redirect outputs between programs so that can’t really be a problem can it?

Is chromes process per tab model restricted? Forking and piping in general perhaps?

replies(1): >>15735413 #
7. hyperfekt ◴[19 Nov 17 19:21 UTC] No.15735413{3}[source]
That definitely is the first thing that comes to mind, but applications need to be built under that model.

Currently all applications assume they get access to everything by default, so even if one was to be able to implement a confirmation dialog, the user would be victim to a battery of requests.

This is not to mention that isolation excludes discoverability, so users would have to manually make files visible to other applications beforehand.

replies(1): >>15735450 #
8. hateduser2 ◴[19 Nov 17 19:28 UTC] No.15735450{4}[source]
Hmm so I suppose the only problem is that developers are t aware they’re targeting qubes/ aren’t designing around qubes yet? Seems like a non issue really, since if qubes gets any traction it will literally solve itself.. although if it doesn’t get traction I suppose that’s slightly annoying tk deal with
replies(1): >>15735519 #
9. akavel ◴[19 Nov 17 19:35 UTC] No.15735497{3}[source]
IIUC, it didn't build the whole OS, it was more of a port of Nix, not whole NixOS, to Genode. But I may be wrong. As such, it could be seen as a step towards the goal. But I believe a different approach might be also possible: by starting from NixOS, and adding support for L4Linux (thus seL4 - bottom layer), then Genode On Linux (top layer), then somehow connecting the two.
10. hyperfekt ◴[19 Nov 17 19:40 UTC] No.15735519{5}[source]
Being incompatible with most available software is not a 'non issue'.

The problem won't solve itself by adoption if it never gets to that point, that's almost a perfect catch-22.

11. ohpauleez ◴[20 Nov 17 13:07 UTC] No.15739616[source]
Genode now has its own package management system with the 17.05 and 17.08 releases, informed/inspired by the work from Genode/Nix (linked in the other comment).

This means you can run Genode on NOVA with VirtualBox 5 fully integrated as the VMM, all with the improved Noux/POSIX interop components in place, and have a decent package management solution (that handles API compatibilities, multiple version installs, src vs binary deps, packages, and more). There's also Xen support with the most recent release (for cloud appliance work with Genode)

What's more, based on the roadmap and challenges, they should be bringing VirtualBox5 support to the seL4 kernel, and they even have a goal for being the virtualization foundation of QubesOS. https://genode.org/about/challenges

With the recent toolchain update and new package management system, its easier than ever to cook up your own Genode-based systems.

replies(1): >>15758081 #
12. akavel ◴[22 Nov 17 16:31 UTC] No.15758081{3}[source]
Interesting, thanks for the info! Though from the article about the system (https://genode.org/documentation/developer-resources/package...), it's not clear to me how to:

a) tweak compilation flags of libraries & apps

b) describe full set of runtime config files of an app

and thus build a single full configuration of a whole system, like in NixOS.

Hm; or can this maybe somehow be solved with the "run scripts" mentioned at the end of the article? I'm even less than a noob with regards to Genode, so I'm not sure about that.

Or does the package manager only provide Nix-like functionality, with no way for NixOS-like features?