@mato I am also leaving for vacation and I wanted to finish a prototype before. This is a proposal for an API redesign, which should make it possible to solve some of the outstanding feature requests. Things should probably go step by step and the discussion should be on the mailing list, I know ;)
But I wanted to back my uneducated ramblings on the mailing list with some code. We can continue the discussion on the mailing list as soon as you are back and the more important issues are sorted out.
My prototype works only on Linux x86_64 with seccomp (for now). I can also port it to aarch64 if desired. It is similar to spt, however it is "tenderless" (#341) and contains all the startup code directly in the binary. There is no libc and no libseccomp. This works only for spt obviously, but in that case I actually prefer that approach in contrast to having the separate loader. (Edit: If you want to execute untrusted spt images, one still needs the spt tender however.)

So what does it have?

- Multiple block devices, network devices and stream devices (all statically allocated in the beginning). For simplicity there is a fixed maximal number but this could be increased easily.
- No calls for block_info and net_info, everything is available at startup
- Separate stack (by just mmaping the separate heap)
- No error result type. Maybe not a good idea. For example the block calls could fail if the disk is full, but I don't know what the app should do in that case instead of termination if there is no possibility to save state.

Furthermore there are other bikesheds, which you can ignore:

- argv/argc instead of cmdline. EDIT: I am zeroing out the environment and argv and auxv to avoid leaking information.
- startup info is globally available, the pointer could also be passed to main
- yield gets nanoseconds instead of deadline, "decouples" yield and monotonic calls
- removed the abort call since it seems useless (?) and it just calls exit
The code is here https://gist.github.com/minad/c6f44a245f1ea481ded2535a96778be5
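The post mentions zeroing out argv, the environment and the auxiliary vector so the tenderless image does not inherit host information (environment variables, the AT_RANDOM bytes, vDSO and other addresses). The following is an added illustration of that scrub step, not code from the linked gist or from the prototype: it assumes the Linux x86_64 initial-stack layout (argv pointers, NULL, envp pointers, NULL, auxv pairs terminated by AT_NULL), takes a pointer to argv[0], and wipes every string and pointer in place. The function names and the sample layout in `scrub_selftest()` are constructed for this example; a real startup routine would copy whatever arguments the app needs before calling it.

```c
#include <elf.h>      /* AT_NULL, AT_PAGESZ, AT_RANDOM */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Counts of what scrub_startup_info() wiped (hypothetical helper type). */
struct scrub_stats {
    size_t args;   /* argv strings wiped */
    size_t envs;   /* environment strings wiped */
    size_t auxv;   /* auxiliary-vector entries wiped, AT_NULL excluded */
};

/* Overwrite a NUL-terminated string with zeros. The volatile pointer keeps
 * the compiler from dropping the stores as dead writes. */
static void scrub_cstring(char *s)
{
    if (s == NULL)
        return;
    volatile char *p = (volatile char *)s;
    while (*p != '\0')
        *p++ = '\0';
}

/* argv points at argv[0] of the Linux initial-stack layout:
 *   argv[0..argc-1], NULL, envp[0..], NULL, (a_type, a_val) pairs..., AT_NULL
 * Strings and pointer slots are wiped in place; the caller must have copied
 * anything it still needs. Returns how much was scrubbed. */
struct scrub_stats scrub_startup_info(char **argv)
{
    struct scrub_stats st = { 0, 0, 0 };
    char **p = argv;

    /* argv strings and pointers */
    for (; *p != NULL; p++) {
        scrub_cstring(*p);
        *p = NULL;
        st.args++;
    }
    p++;                                    /* skip argv terminator */

    /* environment strings and pointers */
    for (; *p != NULL; p++) {
        scrub_cstring(*p);
        *p = NULL;
        st.envs++;
    }
    p++;                                    /* skip envp terminator */

    /* auxv follows the envp terminator: (a_type, a_val) until AT_NULL */
    volatile unsigned long *aux = (volatile unsigned long *)p;
    while (aux[0] != AT_NULL) {
        aux[0] = 0;                         /* a_type */
        aux[1] = 0;                         /* a_val, e.g. AT_RANDOM address */
        aux += 2;
        st.auxv++;
    }
    return st;
}

/* Self-check on a constructed layout (not a real process stack). Returns 1
 * when every string, pointer and auxv entry has been wiped. */
int scrub_selftest(void)
{
    char a0[] = "app", a1[] = "--verbose";
    char e0[] = "SECRET_TOKEN=hunter2", e1[] = "HOME=/root";
    uintptr_t stack[] = {
        (uintptr_t)a0, (uintptr_t)a1, 0,
        (uintptr_t)e0, (uintptr_t)e1, 0,
        AT_PAGESZ, 4096, AT_RANDOM, 0xdeadbeef, AT_NULL, 0
    };

    struct scrub_stats st = scrub_startup_info((char **)stack);

    int ok = st.args == 2 && st.envs == 2 && st.auxv == 2;
    ok = ok && a0[0] == '\0' && a1[0] == '\0';
    ok = ok && e0[0] == '\0' && e0[7] == '\0' && e1[0] == '\0';
    ok = ok && stack[0] == 0 && stack[4] == 0;        /* pointer slots */
    ok = ok && stack[6] == 0 && stack[7] == 0 && stack[9] == 0;  /* auxv */
    return ok;
}
```

Zeroing the pointer slots as well as the strings matters because a later information leak could otherwise still expose stack and vDSO addresses through the auxv area; walking to AT_NULL rather than a fixed count keeps the scrub correct for whatever the kernel happened to pass.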