←back to thread

Qubes OS: A reasonably secure operating system

(www.qubes-os.org)
441 points ploggingdev | 1 comments | 19 Nov 17 16:06 UTC | HN request time: 0.217s | source
Show context
Jeaye ◴[19 Nov 17 17:12 UTC] No.15734704[source]
What I'd really love to see is a marriage between NixOS and Qubes, allowing for full-system declarative configuration, including the various systems which will be running under Qubes.

NixOS has containers that show how this could work, but they're only via systemd-nspawn, so not as jailed as Qube's domUs.

replies(3): >>15735026 #>>15735236 #>>15735329 #
akavel ◴[19 Nov 17 18:06 UTC] No.15735026[source]
Me, I'd like to see such a marriage between NixOS and GenodeOS (which provides capabilities management and has the advantage of using a microkernel as base, so much smaller attack surface, aka TSB, than Xen + Linux)

http://www.genode.org/about/index

replies(2): >>15735101 #>>15739616 #
Mathnerd314 ◴[19 Nov 17 18:25 UTC] No.15735101[source]
An abandoned attempt: https://github.com/ehmry/genode-nix
replies(1): >>15735497 #
1. akavel ◴[19 Nov 17 19:35 UTC] No.15735497[source]
IIUC, it didn't build the whole OS, it was more of a port of Nix, not whole NixOS, to Genode. But I may be wrong. As such, it could be seen as a step towards the goal. But I believe a different approach might be also possible: by starting from NixOS, and adding support for L4Linux (thus seL4 - bottom layer), then Genode On Linux (top layer), then somehow connecting the two.