zlacker

[return to "Qubes OS: A reasonably secure operating system"]
1. Jeaye+E4 2017-11-19 17:12:33
>>ploggi+(OP)
What I'd really love to see is a marriage between NixOS and Qubes, allowing for full-system declarative configuration, including the various systems which will be running under Qubes.

NixOS has containers that show how this could work, but they're only via systemd-nspawn, so not as jailed as Qubes' domUs.

2. akavel+Q9 2017-11-19 18:06:59
>>Jeaye+E4
Me, I'd like to see such a marriage between NixOS and GenodeOS (which provides capabilities management and has the advantage of using a microkernel as base, so much smaller attack surface, aka TSB, than Xen + Linux).

http://www.genode.org/about/index

3. ohpaul+Sl1 2017-11-20 13:07:38
>>akavel+Q9
Genode now has its own package management system with the 17.05 and 17.08 releases, informed/inspired by the work from Genode/Nix (linked in the other comment).

This means you can run Genode on NOVA with VirtualBox 5 fully integrated as the VMM, all with the improved Noux/POSIX interop components in place, and have a decent package management solution (that handles API compatibilities, multiple version installs, src vs binary deps, packages, and more). There's also Xen support with the most recent release (for cloud appliance work with Genode).

What's more, based on the roadmap and challenges, they should be bringing VirtualBox5 support to the seL4 kernel, and they even have a goal for being the virtualization foundation of QubesOS. https://genode.org/about/challenges

With the recent toolchain update and new package management system, it's easier than ever to cook up your own Genode-based systems.
