Navigation

Language Selection

Search

Compartmentalized computing with CLIP OS

Submitted by Roy Schestowitz on Thursday 8th of November 2018 07:22:34 PM Filed under

OS
Gentoo

The design of CLIP OS 5 includes three elements: a bootloader, a core system, and the cages. The system uses secure boot with signed binaries. Only the x86 architecture was supported in the previous versions, and there are no other architectures in the plan for now. The core system is based on Hardened Gentoo. Finally, the cages provide user sessions, with applications and documents.

Processes running in separate cages cannot communicate directly. Instead, they must pass messages using special services on the core system; these services are unprivileged and confined on the cage system, but privileged on the core. These communication paths are shown in this architecture diagram from the documentation. Cages are also isolated from the core system itself — all interactions (system calls, for example) are checked and go through mediation services. The isolation between applications will be using containers, and the team plans to use the Flatpak format. The details of the CLIP OS 5 implementation are not available yet, as this feature is planned for the stable release.

A specific Linux security module (LSM) inspired from Linux-VServer will be used to add additional isolation between the cages, and between the cages and the core system. Linux-VServer is a virtual private server implementation designed for web hosting. It implements partitioning of a computer system in terms of CPU time, memory, the filesystem, and network addressing into security contexts. Starting and stopping a new virtual server corresponds to setting up and tearing down a security context.

Login or register to post comments
Printer-friendly version
2706 reads
PDF version

More in Tux Machines

today's howtos and programming

How To Check Available Security Updates On Red Hat (RHEL) And CentOS System?
How to use the Ubuntu Logo and the Menu Icon in Ubuntu 19.04
How To Install Memcached on Ubuntu 18.04 LTS
Command-line tools for Kubernetes: kubectl, stern, kubectx, kubens
Introduction to Python 3.8 new feature — “The Walrus Operator”

Python 3.8 is in the development phase (currently in alpha phase) and it’s expected to be released in September 2019. You can read the full documentation here. As expected, it has included a lot of features — assignment expressions, position only parameters, a lot of additions to builtin modules (improved modules), etc.
PyDev of the Week: Sean McManus

This week we welcome Sean McManus (@musicandwords) as our PyDev of the Week! Sean is the author of several books, including Mission Python: Code a Space Adventure Game!, which was reviewed on this site in March. There are free chapters from his book available here. You can learn more about Sean on his website. Let’s take some time to get to know him better!
Dirk Eddelbuettel: nanotime 0.2.4

Another minor maintenance release of the nanotime package for working with nanosecond timestamps arrived on CRAN yesterday. nanotime uses the RcppCCTZ package for (efficient) high(er) resolution time parsing and formatting up to nanosecond resolution, and the bit64 package for the actual integer64 arithmetic. Initially implemented using the S3 system, it now uses a more rigorous S4-based approach thanks to a rewrite by Leonardo Silvestri.
PyCon Lithuania 2019 and a keynote on “Citizen Science with Python”

I’ve had the great pleasure of attending PyConLT 2019 – my first trip to Lithuania. I had no idea what to expect (I’ve never been to this part of Europe) – Vilnius is a lovely city full of lovely Pythonistas. There’s a bunch of lovely art hanging underneath bridges, an amazing Soviet Palace of Arts and Sports and a number of castles – it really is very lovely here.
How to write a good C main function
What is your favorite music to listen to while coding?
Python time Module

KDE: Krita Interview, KDE Developer Documentation and KDE Craft Packager

Krita Interview with Anna Hannon

I opted for trying Linux Mint, and tested Krita as my Photoshop replacement. Love at first sight! I currently run Manjaro KDE and it continues to be my only painting software (even on my Microsoft surface).
KDE Developer Documentation Update: Far from the Endgame

It has been nearly three months since I embarked on an adventure in the land known as dev docs. And while the set period for that work is coming to a close, the truth is that the journey has really only just begun. Just like the pioneers of old, the first important step is to get to survey the land and map it for future adventurers. The KDE community’s developer documentation isn’t exactly new territory but, through the years, it has grown from a garden to a huge forest with only a brave few doing the work to keep things from getting out of hand. They could use a helping hand.
KDE Craft Packager on macOS

In Craft, to create a package, we can use craft --package after the compiling and the installing of a library or an application with given blueprint name. On macOS, MacDMGPackager is the packager used by Craft. The MacDylibBundleris used in MacDMGPackager to handle the dependencies. In this article, I’ll give a brief introduction of the two classes and the improvement which I’ve done for my GSoC project.

10 Best Free Linux Docks

Docks are utility software designed to basically make launching applications and navigating between app windows as easy as possible alongside beautifying the entire process. They implement animations, app icon shadows, customization options, widgets, etc. in different ways but they all aspire to one goal – boost productivity.

15 Best Free Linux Bioinformatics Tools

Bioinformatics has been defined in many different ways, but it is common ground to regard this discipline as the application of mathematics, computing and statistics to the analysis of biological information. The objective of bioinformatics is to enable the finding of new biological insights, and to create a broader, more critical view from which unifying principles in biology can be perceived. Bioinformatics is very important in the field of human genome research. It has become crucial for large-scale measurement technologies such as DNA sequencing, microarrays, and metabolomics. The field of bioinformatics has been aided significantly by Linux-based hardware and software. There are a number of Linux distributions which offer an integrated bioinformatics workstation. The popular distribution Bio-Linux packages hundreds of bioinformatics programs spanning a number of different fields. There’s a wide selection of Linux bioinformatics tools released under an open source license. This article identifies our favorite tools which are extremely useful for anyone interested in sequence analysis, molecular modelling, molecular dynamics, phylogenetic analysis and more. We hope this feature offers a useful resource for biologists.

Latest News

Best Open Source Android Alternative OS for Smartphones

As most of the trade and technology-loving persons already heard about the US-China Trade War and Huawei-Google fight. Now, so many Huawei device users and Android enthusiasts are wondering what will be the next Android alternative OS (Operating System) for smartphones. Without Google and its services, the Android platform is difficult to run properly on a smartphone. But we also know that Huawei is a giant company and their research and development is so much effective. That means Huawei will survive with their own OS. But if you think about the different alternative operating systems that are running and available in the market. Here is the list of best Open Source Android Alternative OS for Smartphones which you can use easily. All the mentioned Android alternative operating system are open source based. These options are available to us.

Events: Linux Plumbers, SUSE in Germany and LibreOffice Paris HackFest

Linux Plumbers Earlybird Registration Quota Reached, Regular Registration Opens 30 June

A few days ago we added more capacity to the earlybird registration quota, but that too has now filled up, so your next opportunity to register for Plumbers will be Regular Registration on 30 June … or alternatively the call for presentations to the refereed track is still open and accepted talks will get a free pass.
Gartner IT Infrastructure, Operations and Cloud Strategies Conference Frankfurt 2019

In a week’s time, team SUSE will be heading to Frankfurt, Germany for this year’s Gartner IT Infrastructure, Operations and Cloud Strategies Conference. Hundreds of attendees from all around Europe will be paying Kap Europa Congress Centre in Frankfurt a visit – to network, speak to exhibitors, pick up valuable nuggets of information from the Gartner analysts, attend sessions to learn more about the latest happenings in IT infrastructure and operations and enjoy all that the beautiful city of Frankfurt has to offer.
LibreOffice Paris HackFest

The LibreOffice Paris HackFest 2019 will take place on the weekend of July 5th-6th, at le 137, which is at 137 Boulevard Magenta, Paris 10e, France. The event is sponsored by INNO3, hosting the hackfest in their building, and The Document Foundation, providing reimbursement for travels and accommodations. LibreOffice Paris HackFest will start on Friday at 10AM. During the day there will be an informal meeting of the French community, to discuss local activities, while developers and other volunteers will hack the LibreOffice code. The venue will be available until 2AM. On Saturday the venue will open at 10AM, to allow people to continue working, and share hackfest results. The event will officially end at 8PM, but on Sunday there will be a city tour.

Security: GNU/Linux in Space (After Windows Viruses), Fingerprint Pseudo-Security, Mainframe Security and Slackware Updates

Space: New cybercrime battlefield? [Ed: Space has already dumped Microsoft Windows and moved to GNU/Linux (Debian) for security reasons. The famous incident has just been mentioned here.]

In the same vein, is it believable for a virus to infect a space station orbiting at a distance of over 330 km above the earth? It shocked astronauts on board to find their Windows XP-based laptops on the International Space Station (ISS) infected with a virus called W32.Gammima in 2008. Gammima.AG worm is a malware that gathers and transmits sensitive gaming data to an attacker. Investigations later revealed that unsuspecting Russian cosmonauts had inadvertently carried infected USB storage devices aboard the station spreading computer viruses to the connected computers. The damage by the malware to the computer systems of the ISS is unknown to date.
OnePlus 7 Pro Fingerprint Scanner Hacked By Classic Hacking Technique

OnePlus has recently launched its much-awaited OnePlus 7 Pro which is considered as one of the best smartphones of 2019 by many. Packing the latest Snapdragon processor, triple camera setup, UFS 3.0 and a 30W Warp Charging, the smartphone is a complete package but how safe is it? Speaking of safety, a YouTuber has managed to hack the in-display fingerprint scanner of OnePlus 7 Pro within a few minutes. Going by the name Max Tech, this YouTuber deployed the classic print molding hacking technique to get past the fingerprint reader. If you have bought the smartphone or you’re a potential buyer then I must tell you that OnePlus 7 Pro is not the first device to be hacked by this technique.
Just how secure are mainframes?

The days of mainframe security by obscurity are long gone. Everyone – especially hackers – knows that there are lots of valuable data sitting on mainframes. So, how aware are mainframe-using organizations about what it takes to secure all the components of a mainframe environment? Key Resources Inc has announced the findings from a new study conducted by Forrester Consulting carried out in February 2019. The survey questioned 225 IT management and security decision makers in North America.
[Slackware] April ?19 release of OpenJDK 8

Early May I was confined to my bed, immobilized on my side and under medication, after I had incurred a second back hernia in four months’ time. And so I missed the announcement on the OpenJDK mailing list about the new icedtea-3.12.0. Why again is that important? Well, the IcedTea framework is a software harness to compile OpenJDK with ease. Andrew Hughes (aka GNU/Andrew) who is the release manager still did not update his blog with this announcment, but nevertheless: the new Java8 that we will get is OpenJDK 8u212_b04. This release syncs the OpenJDK support in IcedTea to the official April 2019 security fixes for Java. I built Slackware packages for Java 8 Update 212 so that you do not have to succumb to the official Oracle binaries which are compiled on God-knows what OS.

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Support Tux Machines

Help Support TM
Wall of Appreciation

Softpedia News

Gizmoz

LXer

Linux Journal

Linux Today

Ars

LinuxSecurity.com Advisories

Debian

It's FOSS

OMG! Ubuntu!

GamingOnLinux

Slashdot

DW Latest Releases

DistroWatch

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

FSF

Ubuntu Buzz

LinuxLinks

Content available under CC-BY-SA

Navigation

Language Selection

Search

Tux Machines Section/s

Authors Information

LWN

Active forum topics

Phoronix

OpenSource.com

Linux Gizmos

Insider

Linux.com

Kde Planet

Fedora Magazine