zlacker

1. ignora+(OP)[view] [source] 2025-05-30 20:21:17
> ... drastically restrict the syscall API surface available to the sandboxee, which quickly reduces its value ...

Depends, I guess, as Android has had quite a bit of success with seccomp-bpf & an Android-specific flavour of SELinux [0]

> Until we have a properly hardened and memory safe OS ... faster than running MicroVMs on a Linux host.

Andy Tanenbaum might say, Micro Kernels would do just as well.

[0] https://youtu.be/WxbOq8IGEiE

replies(2): >>lillec+la >>bjackm+oQ
2. lillec+la[view] [source] 2025-05-30 21:52:02
>>ignora+(OP)
You also have gVisor, which runs all syscalls through some Go history that's supposedly safe enough for Google.
replies(1): >>bjackm+pQ
3. bjackm+oQ[view] [source] 2025-05-31 08:16:57
>>ignora+(OP)
> Android

Exactly. Android pulls this off by being extremely constrained. It's dramatically less flexible than an OCI runtime. If you wanna run a random unenlightened workload on it you're probably gonna have a hard time.

> Micro Kernels would do just as well.

Yea this goes in the right direction. In the end a lot of kernel work I look at is basically about trying to retrofit benefits of microkernels onto Linux.

Saying "we should just use an actual microkernel" is a bit like "Russia and Ukraine should just make peace" IMO though.

4. bjackm+pQ[view] [source] [discussion] 2025-05-31 08:17:19
>>lillec+la
gVisor uses virtualization