The Codezero team has released version 0.2 of their L4 microkernel. In this release, the microkernel is fully capability checked, and they introduced the notion of containers to provide isolated execution environments.
Containers
In Codezero, containers provide the architectural infrastructure for isolation of execution environments. Each container is allocated a set of address spaces, threads, and any other resource that would otherwise be globally available on the platform, such as virtual and physical memory.
Using the simple notion of containers, it is possible to build any type of software design hierarchy. A hierarchical client/server design, or multi-threaded standalone applications are both possible scenarios.
Capabilities
Capabilities protect all resources maintained by the kernel. Currently, all system calls are protected by capabilities, except a few trivial ones that have been left out. Physical and virtual memory, typed memory pools, and inter-process communication are among other resources that are protected by capability checking.
Capabilities build upon the foundation of containers, providing a fine-grained security architecture, inside and among container boundaries.
The team also introduced a capability control system call, through which capabilities may be shared, granted and modified in different ways, enabling a highly flexible and configurable security architecture.
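To make the container and capability notions from the two sections above concrete, here is a small C model of how a kernel can attach a set of capabilities to each container, refuse any system call whose caller lacks a covering capability, and implement a grant operation that can only narrow authority. This is an added illustration, not Codezero's code: the rights bits, the resource types, the `cap_check`, `cap_grant` and `sys_map` names, and the pager/application scenario are all assumptions made for the example, and Codezero's real capability encoding and system call interface differ.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Rights bits carried by a capability (constructed model; not Codezero's encoding). */
enum { CAP_READ = 1u, CAP_WRITE = 2u, CAP_MAP = 4u, CAP_GRANT = 8u };

/* Kinds of kernel-managed resource a capability may name (assumed for the model). */
enum cap_type { CAP_PHYSMEM, CAP_VIRTMEM, CAP_IPC };

struct capability {
    enum cap_type type;
    uint32_t start, end;     /* half-open resource range, e.g. page frame numbers */
    uint32_t rights;
};

#define MAX_CAPS 8
struct container {
    int id;
    struct capability caps[MAX_CAPS];
    int ncaps;
};

/* Kernel-side check run before a syscall touches a resource: true if the
 * container holds a capability of `type` covering [start, end) with every
 * right in `need`. A container with no matching capability reaches nothing. */
bool cap_check(const struct container *c, enum cap_type type,
               uint32_t start, uint32_t end, uint32_t need)
{
    for (int i = 0; i < c->ncaps; i++) {
        const struct capability *cap = &c->caps[i];
        if (cap->type == type && cap->start <= start && end <= cap->end &&
            (cap->rights & need) == need)
            return true;
    }
    return false;
}

/* Install a capability directly. In the model only the configuration step
 * (the compiled-in container description) uses this; at run time containers
 * can only obtain capabilities through cap_grant(). */
int cap_install(struct container *c, struct capability cap)
{
    if (c->ncaps >= MAX_CAPS) return -1;
    c->caps[c->ncaps++] = cap;
    return 0;
}

/* Capability-control operation: `src` grants `dst` a capability derived from
 * one it already holds. The source must hold CAP_GRANT plus every right being
 * delegated, and the new range must fit inside the source's range, so a grant
 * can only attenuate authority, never widen it. */
int cap_grant(struct container *src, struct container *dst, enum cap_type type,
              uint32_t start, uint32_t end, uint32_t rights)
{
    if (start >= end) return -1;
    if (!cap_check(src, type, start, end, rights | CAP_GRANT)) return -2; /* EPERM */
    struct capability derived = { type, start, end, rights };
    return cap_install(dst, derived) == 0 ? 0 : -3;
}

/* A capability-checked syscall: map physical frame `pfn` into the caller's
 * virtual page `vpage`. Both the frame and the virtual page must be covered. */
int sys_map(const struct container *caller, uint32_t pfn, uint32_t vpage)
{
    if (!cap_check(caller, CAP_PHYSMEM, pfn, pfn + 1, CAP_MAP)) return -2;
    if (!cap_check(caller, CAP_VIRTMEM, vpage, vpage + 1, CAP_MAP)) return -2;
    return 0;
}

/* Constructed scenario: a pager container owns all frames with full rights;
 * an application container starts with only its own virtual address range. */
void setup(struct container *pager, struct container *app)
{
    *pager = (struct container){ .id = 0 };
    *app = (struct container){ .id = 1 };
    cap_install(pager, (struct capability){ CAP_PHYSMEM, 0, 1024,
                                            CAP_READ | CAP_WRITE | CAP_MAP | CAP_GRANT });
    cap_install(pager, (struct capability){ CAP_VIRTMEM, 0, 4096, CAP_MAP | CAP_GRANT });
    cap_install(app, (struct capability){ CAP_VIRTMEM, 0x100, 0x200, CAP_MAP });
}

int main(void)
{
    struct container pager, app, other = { .id = 2 };
    setup(&pager, &app);
    printf("app maps frame 300 before grant: %d\n", sys_map(&app, 300, 0x100));
    printf("pager grants frames [256,512) with MAP: %d\n",
           cap_grant(&pager, &app, CAP_PHYSMEM, 256, 512, CAP_MAP));
    printf("app maps frame 300 after grant: %d\n", sys_map(&app, 300, 0x100));
    printf("app maps frame 600 (outside grant): %d\n", sys_map(&app, 600, 0x100));
    printf("app re-grants without CAP_GRANT: %d\n",
           cap_grant(&app, &other, CAP_PHYSMEM, 256, 300, CAP_MAP));
    return 0;
}
```

The point of the model is the two invariants a defender cares about: every resource access goes through one check against the caller's own container, and delegation is monotone (a grantee never ends up with a wider range or more rights than the granter held), so a compromised application container cannot escalate by handing itself memory it was never configured to see.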
Configuration
The team attempted to present the above two notions in an easily manageable kernel configuration system. Containers, their parameters and capabilities may be adjusted easily at configuration time, using the CML2-based kernel configuration system.
The Codezero Project is released open source under the GPLv3 license. If you are interested in learning more, you can read this quick start guide. You can download the latest master branch using the following command:
% git clone git://git.l4dev.org/codezero.git
The master branch is always stable, and updated very regularly. However, if you want to go for the cutting edge, use this command:
% git checkout -b devel --track origin/devel
Alternatively, you can download the source from the download page.
I am very excited to see renewed L4 activity. Jochen Liedtke’s untimely death really set back OS design.
The abnormal termination of a single process really shouldn’t have been able to take down the whole system like that.
Especially when we’re talking about microkernels
Actually, L4 is so tiny that Liedtke called it a “nanokernel”. It would probably qualify as a hypervisor today.
Liedtke was running multiple instances of Linux side by side with L4 “native” apps in the late 1990’s with only a 3-5% performance degradation.
Damn cool stuff, and the L4 core was only a couple thousand lines of code if memory serves.
It’s a good thing that the concept of microkernel is still alive. Can’t complain.
“Personally, I’m _not_ interested in making device drivers look like user-level. They aren’t, they shouldn’t be, and microkernels are just stupid.”
— Linus Torvalds
Edited 2009-12-08 18:32 UTC
Linus probably said that in 1994. The cpus have become much stronger and the linux kernel’s value as a component now outweighs its ability to do fast tlb and cache flushes on its own. So running everything monolithically with a single kernel is not that relevant anymore.
That is why Liedtke’s work led directly to what I think was one of the most exciting OS projects of the late 1990’s – IBM’s Sawmill project, an attempt to break up the Linux kernel services to run as components on L4.
http://www4.informatik.uni-erlangen.de/~jklein/GIFG/liedtke.pdf
Does anyone know why Sawmill died? It coincided with Liedtke’s death, but I don’t know if that was a major factor.
He said that in 2002.
http://groups.google.com/group/mlist.linux.kernel/msg/938ffa86ae60d…
Edited 2009-12-10 12:14 UTC
And Linus can never be wrong? Right?