Re: I might talk on Gnu/Hurd : FEB/10/2012 : Need you help
At last I get some time to answer this (unfortunately nobody took it
before me :) )
harish badrinath, on Wed 01 Feb 2012 14:14:37 +0530, wrote:
> I have proposed a talk on Gnu/Hurd at http://gnunify.in/.
> I have watched http://audio-video.gnu.org/video/ghm2011/Samuel_Thibault-GNU_Hurd.ogv.
> Can you point me to similar material ??
> How do you create neighbor hurds and subhurds ?? Are there any
> documentations that you recommend ??
> (a) neighbor hurds and subhurds and LXC are there any fundamental differences ??
subhurds come from the other way than LXC: LXC is about compartmentalizing
things. subhurds are about re-installing all the stuff in another
compartment. It's a huge difference from a security point of view: there
is much more confidence that there is no security leak when you follow
the subhurd way. See Justus' slides: a root user in a lxc domain can
easily hurt the kernel. A subhurd just cannot so easily.
> (b) suppose i am running two isolated neighbor hurds .. each have a
> process with ID 1. How will this look from the "global state" (i.e a
> state from which you can actually see two isolated neighbor hurds)
There is no global state pid-wise: ps in the initial hurd will only show
the processes in the initial hurd. ps in the other hurd will only show
the processes in the other hurd. From the initial hurd, you can probably
ask the kernel about all tasks, and then ask the proc server of the
initial hurd for their pids. For the processes from the initial hurd it
will give a pid number, and for the others (from the other hurd), it
will answer it doesn't know them. And vice-versa for the proc server of
the other hurd and the processes there.
> (c) Hardware forwarding over network : like ssh X forwarding on
> steroids :) .. would it be possible.
Yes. That's one of the good things of adding hurdish layers: you can then
combine. Of course the performance can get hurt depending on
asynchronicity of the protocol.
> (d) Also is having multiple pfinet translators .. a fancy way of
> saying interface aliasing ??
> Are there any differences to interface aliasing
The stacks are separate. So you can experiment with some tcp/ip stack
implementation, without fearing losing Internet access through the other
> (e) Could i bind multiple pfinets to same cards ..
IIRC we patched somewhere so that several pfinets all receive all
packets from the network layers, so yes. In any case, there's no hard
> can i bind multiple network stacks on the same card, is this possible
> in Linux with a kernel module ??
It is possible, but they share the same address space. If your stack has
bugs it may just crash the whole kernel.
> (f) On Hurd file system is supposed to be the name-space. but fs is an
> abstraction (AFAIK).
> So what happens when i chroot into a directory foo, which is a firm
> link to / (it is a firm link)
Then you are just back to the root, i.e. mostly a no-op. IIRC you'll
even not keep any port forwarding, because the firmlink translator
simply provides the port of /.
> Given that i know nothing about subhurds and neighbor hurds can you
> use firm links/bind mounts to try and achieve 2 process in the same
> machine ( I will explain what i was trying to say if this question
> makes any sense).
What do these 2 processes need to do?