Category Archives: Kernel

Plenty of Space Left for OS-level Innovation

As one of the few people still left without circles to drag people into I had to find some other ways to occupy some spare cycles this weekend.

One of the things I ended up spending time with was videos from Apple’s WWDC 2011, as I was curious to see what core OS changes they are making with Lion.

I’ve long been a fan of Apple Engineering and admire the really great software they are building on top of their excellent Unix foundations. The highlight in Lion for me is probably the App Sandbox. Though XPC, Versions and push notifications/iCloud are all very interesting.

The App Sandbox gives each application which opts to use it a private container. File, network and hardware access are all prevented by default unless the app has registered for an exception. Once sandboxed the application can only access files within its sandbox, if the file access exceptions are enabled the user allows the application access to other files through the standard file access sheet (dialog) and behind the scenes the Powerbox has access to the full file system and gives file access to the selected file to the application.

This means in the worst case a compromised application should only ever be able to affect the few files the user has chosen to allow into the sandbox, rather than being able to wreak havoc with the entire file system.

The App Sandbox impresses me for many reasons:

  • Learning about it I had an aha moment, I immediately began to imagine the underlying implementation of such a container mechanism.
  • The developer positioning is excellent; “come play in our sandbox and we’ll keep you and your users safe” rather than talk of jails, etc. The positioning as a last line of defence seems wise also.
  • They have a well tested kernel-level technology for sandboxing from the iOS and are able to leverage this technology created for handsets on the desktop, thanks to their shared core OS.
  • It’s trivially easy to adopt for most developers and has a clear and easy to use migration path.
    All a developer need do is opt in to the sandbox, pick which of the small amount of exceptions (15 or so?) they want for their app and that’s it.
    Migration is handled through a manifest file which tells the OS where to pull files from on first run of the newly sandboxed application.
  • Powerbox is a badly named but cleverly designed arbitrator allowing applications to work as usual whilst still offering users protection. All the application need do is use standard Apple API’s and the OS does the real work.

Next I’m going to go and read up on Linux security mechanisms. I expect that at least one of the kernel-level security frameworks will enable such behaviour, I just wonder if they are so easy for developers to adopt. Guiltily I’ve gotten into the habit of disabling SELinux each time I do a clean OS install, because when it first started cropping up there were too many things I wanted to do which were blocked and not enough time, inclination or (if I recall correctly) documentation for me to work out how to get do them in a compliant way.

I wonder how much has changed in the intervening years and what SMACK and Tomoyo do differently?

Update: I may have mocked the term Powerbox but it’s not one Apple coined, browsing some security focused OS research I discovered the term again and a little more digging revealed that Wikipedia has a section on it in their File Dialog page and that Capdesk was the first desktop environment to include a Powerbox file dialog.

Interesting OS tidbits

Spent some time on Sunday reading about various operating systems. Fun things learnt:

1. /proc (procfs), as a concept, originated from Plan 9.
2. Windows NT‘s kernel is a microkernel, just like Minix and Hurd. Well, not just like. NT isn’t a pure microkernel, but I had no idea it even used some microkernel concepts.
3. Midori is the general use version of Singularity, Microsoft Research’s language-based kernel. Built using an extension of C#. It’s rumoured that Windows Mobile 8 will be built on Midori.

Thanks for the fun Sunday morning Wikipedia!

LPC Rocked!

I’ve been a pretty lax blogger of late, well always, but nowadays I have a lot more interesting stuff to blog about and seemingly even less time to do it.

The reason I’m breaking with tradition is that I spent last week at the Linux Plumbers Conference and Kristen Carlson Accardi, the conference organiser, requested that if we enjoyed it we blog about it. Well I loved it!

The plumbing of Linux is the part I am most interested in; the kernel, libraries and low level programming. The conference was great and had an interesting mix of tracks. I didn’t manage to attend all the talks I wanted, such as the btrfs talk and the unscheduled talk on moving D-bus into the kernel (awesome idea), however I did see some fantastic talks and got to witness some fruitful discussions.

The ‘Boot and Init’ track was excellent. Arjan and Auke’s “From Naught to Sixty in 5 Seconds” talk stirred up plenty of discussion and lead to distro developers having a reduce-boot-time hack-fest. I can’t wait to get ahold of Arjan’s super readahead kernel patches and see what we can do with them. Dave Jones’ talk about initrd’s and a unified, upstream mkinitrd, while less explosive, was also good for the discussions it nurtured including ideas of trying to do away with initrd’s for the high percentage of users who run the most common hardware (by compiling the most common drivers into the kernel) and the talks main proposal of having an upstream and unified mkinitrd.

The ‘Kernel Debugging and Tracing’ track was very interesting; I particularly enjoyed the discussion of a unified buffer for the various tracing mechanisms. To the conferences credit such a feature was announced at the end of the LPC and is in active discussion on the LKML.

The rest of the tracks I attended where also really interesting but the two mentioned where the ones that really did it for me and where my main reason for wanting to be there; the wannabe academic in me regrets missing the two talks mentioned above but I pragmatically attended the tracks most useful to my work with Poky and don’t regret that one bit.

I can’t wait for the return of the conference next year and fully intend to go; I’m especiailly looking forward to being able to get more involved in some of the discussions! Portland is a cool city and I’m not at all upset the LPC will be there again next year.

Great work by the whole LPC team and big thanks to those who made it possible for me to attend and everyone who I got to hang out with in Portland – really awesome week!