Language Selection

English French German Italian Portuguese Spanish

Compartmentalized computing with CLIP OS

Filed under
OS
Gentoo

The design of CLIP OS 5 includes three elements: a bootloader, a core system, and the cages. The system uses secure boot with signed binaries. Only the x86 architecture was supported in the previous versions, and there are no other architectures in the plan for now. The core system is based on Hardened Gentoo. Finally, the cages provide user sessions, with applications and documents.

Processes running in separate cages cannot communicate directly. Instead, they must pass messages using special services on the core system; these services are unprivileged and confined on the cage system, but privileged on the core. These communication paths are shown in this architecture diagram from the documentation. Cages are also isolated from the core system itself — all interactions (system calls, for example) are checked and go through mediation services. The isolation between applications will be using containers, and the team plans to use the Flatpak format. The details of the CLIP OS 5 implementation are not available yet, as this feature is planned for the stable release.

A specific Linux security module (LSM) inspired from Linux-VServer will be used to add additional isolation between the cages, and between the cages and the core system. Linux-VServer is a virtual private server implementation designed for web hosting. It implements partitioning of a computer system in terms of CPU time, memory, the filesystem, and network addressing into security contexts. Starting and stopping a new virtual server corresponds to setting up and tearing down a security context.

Read more

More in Tux Machines

Programming: C++, Python and In-house OpenJDK Implementation of Alibaba

  • Next C++ workshop: Pointers and Linked Lists, 28 March at 19:00 UTC
    Another workshop is coming up! Improve your C++ skills with the help of LibreOffice developers: we’re running regular workshops which focus on a specific topic, and are accompanied by a real-time IRC meeting. For the next one, the topics are Pointers and Linked Lists. Start by watching this presentation:
  • Python programming language: Pyboard D-series arrives for MicroPython robots
    The new Pyboard D-series micro-controller is now available for purchase at a rather hefty price of £43 ($56), offering developers a low-powered device for running programs created with MicroPython, a stripped-back version of the hugely popular Python 3 programming language.
  • Commenting Python Code
    Programming reflects your way of thinking in order to describe the single steps that you took to solve a problem using a computer. Commenting your code helps explain your thought process, and helps you and others to understand later on the intention of your code. This allows you to more easily find errors, to fix them, to improve the code later on, and to reuse it in other applications as well. Commenting is important to all kinds of projects, no matter whether they are - small, medium, or rather large. It is an essential part of your workflow, and is seen as good practice for developers. Without comments, things can get confusing, real fast. In this article we will explain the various methods of commenting Python supports, and how it can be used to automatically create documentation for your code using the so-called module-level docstrings.
  • Documenting Python Projects With Sphinx and Read The Docs
  • Django Migrations 101
  • PyCoder’s Weekly: Issue #361 (March 26, 2019)
  • MongoDB connections
  • Alibaba Dragonwell8 : The In-house OpenJDK Implementation At Alibaba
    Alibaba requires no introduction. It is one of the popular and largest multinational conglomerate founded by Jack Ma, a business magnate and philanthropist from China. It is also world’s fifth-largest internet company by revenue. It specializes in various sectors such as e-commerce, retail, Internet and technology. Alibaba team has provided significant contribution to open source projects. One such project is OpenJDK. The development team at Alibaba has developed many Java-based applications over the years. They have adopted OpenJDK and created their own JDK named “Alibaba Dragonwell8”. It is the downstream version of OpenJDK and completely open source. Alibaba Dragonwell is optimized for developing e-commerce, financial, logistics applications which are running on their 100k+ servers. It is certified as compatible with the Java SE standard. It is currently supports Linux/x86_64 platform only. Let us hope they will extend the support to Unix and other platforms soon. In this guide, we will see how to install Alibaba Dragonwell8 in Linux. I have tested this guide on Ubuntu 18.04 LTS server. However, it should work on other Linux distributions as well.

4MLinux 29.0 BETA released.

4MLinux 29.0 BETA is ready for testing. Basically, at this stage of development, 4MLinux BETA has the same features as 4MLinux STABLE, but it provides a huge number of updated packages. Read more

Why We Need Our Nonprofits

SPARC was at best a relatively small success. But RISC did succeed, massively, with ARM (which stands for Advanced RISC Machine). ARM started as the Acorn RISC Machine in 1983. Today, most of the world's mobile devices run ARM chips. I don't know how well the CHIPS Alliance will do, but I do know that only an entity big and experienced enough to pull giant competing companies together can do it. For Linux, that's the Linux Foundation. I'm glad we have it. I'm also glad we have the Software Freedom Conservancy. Times are getting tough for FLOSS, and we need all the help we can get. Read more

See GNOME 3.32 on Ubuntu 19.04 Beta

Although the 19.04 is still not officially released this March, but even today we can download the development version and run it (LiveCD) on our computer. We find that it includes the 3.32, the latest version of GNOME desktop environment. I want to highlight some interesting aspects of it on Ubuntu as we saw it on Fedora Rawhide few days ago. I suggest you to download the 19.04 daily-live ISO and quickly test it, I believe you can feel the performance improvements especially how quick it's now to open the start menu and it's now even quicker to search files on Nautilus. Here we go. Happy testing! Read more