zlacker

[return to "Qubes OS: A reasonably secure operating system"]
1. Jeaye+E4 2017-11-19 17:12:33
>>ploggi+(OP)
What I'd really love to see is a marriage between NixOS and Qubes, allowing for full-system declarative configuration, including the various systems which will be running under Qubes.

NixOS has containers that show how this could work, but they're only via systemd-nspawn, so not as jailed as Qubes' domUs.

2. akavel+Q9 2017-11-19 18:06:59
>>Jeaye+E4
Me, I'd like to see such a marriage between NixOS and GenodeOS (which provides capabilities management and has the advantage of using a microkernel as base, so a much smaller attack surface, aka TSB, than Xen + Linux).

http://www.genode.org/about/index

3. Mathne+3b 2017-11-19 18:25:13
>>akavel+Q9
An abandoned attempt: https://github.com/ehmry/genode-nix
4. akavel+rh 2017-11-19 19:35:46
>>Mathne+3b
IIUC, it didn't build the whole OS, it was more of a port of Nix, not whole NixOS, to Genode. But I may be wrong. As such, it could be seen as a step towards the goal. But I believe a different approach might also be possible: by starting from NixOS, and adding support for L4Linux (thus seL4 - bottom layer), then Genode On Linux (top layer), then somehow connecting the two.