
Show HN: Subgraph OS, the secure os - D3_4dl1N3
https://subgraph.com/sgos/graph/index.en.html
======
i4k
Trying to achieve Qubes OS concepts with containers is a very hard task.
Wondering how this can be achieved. Do they provide any paper or detailed view
of the implementation?

Some questions:

  - Do they provide their own implementation of containers or rely on some already existing one (Docker, rkt, etc.)?
  - How do containers communicate? What protocol?
  - How is the filesystem handled? Do containers have volumes for file system sharing?
  - What's the plan for device management? How are my USB pendrive, speaker or webcam made available inside a container?

~~~
brl
Sandbox implementation is described here:

[https://github.com/subgraph/oz/wiki/Oz-Technical-Details](https://github.com/subgraph/oz/wiki/Oz-Technical-Details)

~~~
i4k
I really liked the architecture, but I don't think container is a good name
for the kind of isolation it has. For the machinery to work as expected, the
namespaced application must follow the Oz rules/policies. Containers nowadays
are complete environments, each with a different rootfs and so very
different from the kind of container required in Subgraph. It can lead to
misinterpretation, because I cannot reuse existing distros/rootfs and package
managers to run other applications in Subgraph. As I've understood, Subgraph
only bind-mounts the common directories from the host to the namespace mount point
of the process on top of a tmpfs. Hard to reuse an Ubuntu app.

How persistent data will be managed isn't detailed in the document.

Seccomp-bpf is a good enhancement. It can really fix the well-known security
issue of Docker when using volumes with write permissions.

Still wondering what's the plan for persistent data. If someone has more info,
please share :)
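
A sketch of the tmpfs-plus-bind-mount layout described in the comment above, added here as a Go example (Oz is written in Go); it is not Oz's own code. The policy shape, the `systemDirs` rule and the names `Bind`, `PlanBinds` and `Apply` are assumptions: `PlanBinds` rejects whitelist entries that would weaken the sandbox, and `Apply` performs the mounts inside a fresh mount namespace.

```go
package main
import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// Bind is one host directory made visible inside the sandbox's private tmpfs root.
type Bind struct{ Host string; ReadOnly bool }
// Hypothetical policy rule: code and config directories are never bound writable.
var systemDirs = map[string]bool{"/usr": true, "/lib": true, "/lib64": true, "/bin": true, "/sbin": true, "/etc": true}
// PlanBinds validates the whitelist before any mount is attempted.
func PlanBinds(readOnly, writable []string) ([]Bind, error) {
	var out []Bind
	for i, paths := range [][]string{readOnly, writable} {
		for _, p := range paths {
			c := filepath.Clean(p) // "/usr/../etc" becomes "/etc" before the checks run
			if !filepath.IsAbs(c) || c == "/" || (i == 1 && systemDirs[c]) {
				return nil, fmt.Errorf("refusing bind of %q (writable=%v)", p, i == 1)
			}
			out = append(out, Bind{Host: c, ReadOnly: i == 0})
		}
	}
	return out, nil
}
// Apply builds the root (Linux only; needs CAP_SYS_ADMIN or a user namespace); the caller then chroots or pivot_roots into it and execs the app.
func Apply(root string, binds []Bind) error {
	if err := syscall.Unshare(syscall.CLONE_NEWNS); err != nil {
		return err
	}
	type m struct{ src, dst, fs string; flags uintptr }
	// Private propagation first (our mounts never reach the host), then a fresh tmpfs.
	steps := []m{{"", "/", "", syscall.MS_REC | syscall.MS_PRIVATE}, {"tmpfs", root, "tmpfs", syscall.MS_NOSUID | syscall.MS_NODEV}}
	for _, b := range binds {
		dst := filepath.Join(root, b.Host)
		steps = append(steps, m{b.Host, dst, "", syscall.MS_BIND | syscall.MS_REC})
		if b.ReadOnly { // MS_RDONLY is ignored when a bind is created; a remount applies it
			steps = append(steps, m{"", dst, "", syscall.MS_BIND | syscall.MS_REMOUNT | syscall.MS_RDONLY | syscall.MS_NOSUID | syscall.MS_NODEV})
		}
	}
	for _, s := range steps {
		if err := os.MkdirAll(s.dst, 0o755); err != nil { // mount points live inside the tmpfs
			return err
		}
		if err := syscall.Mount(s.src, s.dst, s.fs, s.flags, ""); err != nil {
			return err
		}
	}
	return nil
}
```

Everything not listed in the plan (the rest of /home, /var, /proc of the host, other sandboxes' tmpfs) is simply absent from the new root, which is the property the comment is pointing at.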

------
pjc50
Nice diagram, very pretty.

It's a bit less ambitious than it sounds, though, as it's not really a
different operating system (such as seL4) but a Linux distribution with
armouring, secure defaults, Tor, and some useful userland software. Running
the PDF viewer in secure isolation is a nice touch.

It says that higher-level languages are preferred for the userland software
but doesn't say which language?

