Re: [PATCH v1 0/8] x86_64 SandBox Mode arch hooks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/14/2024 10:22 AM, Petr Tesařík wrote:
On Wed, 14 Feb 2024 06:52:53 -0800
Dave Hansen <dave.hansen@xxxxxxxxx> wrote:

On 2/14/24 03:35, Petr Tesarik wrote:
This patch series implements x86_64 arch hooks for the generic SandBox
Mode infrastructure.

I think I'm missing a bit of context here.  What does one _do_ with
SandBox Mode?  Why is it useful?

I see, I split the patch series into the base infrastructure and the
x86_64 implementation, but I forgot to merge the two recipient lists.
:-(

Anyway, in the long term I would like to work on gradual decomposition
of the kernel into a core part and many self-contained components.
Sandbox mode is a useful tool to enforce isolation.

In its current form, sandbox mode is too limited for that, but I'm
trying to find some balance between "publish early" and reaching a
feature level where some concrete examples can be shown. I'd rather
fail fast than maintain hundreds of patches in an out-of-tree branch
before submitting (and failing anyway).

Petr T


What you're proposing sounds a gigantic thing, which could potentially
impact all subsystems.  Unless you prove it has big advantages with real
world usages, I guess nobody even wants to look into the patches.

BTW, this seems another attempt to get the idea of micro-kernel into
Linux.

--
Thanks!
    Xin





[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux