CSE40677Spring2015OpenSourceSo6wareDevelopment

ProjectVision

Prof.DouglasThain

UniversityofNotreDame

SemesterGoals:1-Buildaprototypeopera0ngsysteminwhichhierarchicalcontainmentistheorganizing

principle.

2-Makeitasustainableopen-sourceprojectsothatotherscaneasily

contribute.

ModernsystemshavemanylayersofmutuallyuntrusPngso6ware.

OperaPngSystem

UserA UserB

WebBrowser

WebPage1

EmailApplicaPon

WebPage2

WebApp

VideoCodec

CodeinATachment

OtherApps

ButtheOSonlyseparatesusers.

OperaPngSystem

UserA UserB

WebBrowser

WebPage1

EmailApplicaPon

WebPage2

WebApp

VideoCodec

CodeinATachment

OtherApps

TheTradiPonalUnixModel:

•  Onlythesuper-usercancreatenewprotecPondomains(i.e.users)inordertoseparateuntrustedso6ware.

•  OrdinaryuserscannotcreatenewprotecPondomains,andsotheycannotprotectthemselvesfromuntrustedso6ware!

Thisresultsinseveralbigproblems:

•  Security:– AnordinaryprogramhasnosimplewayofprotecPngitselffromasub-program.

•  ConfiguraPon:– Userscannotsetuptheso6wareconfiguraPonthattheywanttouse,withoutge[ngthesysadminto“install”theso6wareforeveryone.

•  ContaminaPon:–  Everyso6warepackageexpectstohaveaccesstoeveryotherso6warepackagesimultaneously.

Containmentispossibletoday,butexpensiveandcomplicated:

•  MandatoryAccessControl(SELinux):SomeonemustconfiguraPontheinteracPonsofeverythingonthesystem.

•  VirtualMachines–Muchtooheavyweighttorunindividualcomponents.

•  Containers–Ge[ngbeTer,butsPlltooheavyweightjusttorunasinglewebapp,videocodec,ordataanalysistask.

•  RunPmeslikeJVM/CLR/JS–providecontainment,butonlyifyouprograminthatlanguage!

Whatwewant:

•  Containment:–  Everyprocessislimitedtoasubsetofresources(display,disk,memoryetc)andcannotventureoutsideofthoselimits.

•  HierarchicalContainment:–  EveryprocessiscapableofstarPngsub-processeswhoselimitsfallwithinthatoftheparentprocess.

•  Asaresult:–  EveryprocessiseffecPvelythesuperuserwithrespecttoallofitssub-processes.Noneedforsudo/setuid!

AprototypeoperaPngsystem:

•  AkernelthatcanmanagethemostessenPalresources(display,disk,memory)andrunsomeexampleprogramssoastoclearlydemonstratehierarchicalcontainment.

•  FocusonthedesignofthebasickernelarchitectureandsystemcallAPItoenablehierarchicalcontainment.

•  (Itmusthavesomeworkingdrivers,butthatisn’ttheinteresPngpoint.)

StarPngPoint:Basekernel

hTp://github.com/dthain/basekernel

•  Askeletonkernelthatbootsthesystemin32bitmode,andhasminimalsupportfordisks,memory,andvideo.

SketchofCompleteSystem

ATA Video MMU Others?

FileSystem

WindowSystem

MemoryManager

SystemCallAPI

AppsApps

ContainmentPolicy

SemesterGoals:1-BuildaprototypeoperaPngsysteminwhichhierarchicalcontainmentis

theorganizingprinciple.

2-Makeitasustainableopen-sourceprojectsothatotherscaneasily

contribute.

ProjectRequirements•  Apublic,highquality,andeditablewebpresencewhichincludesa

compellingprojectvision,instrucPonsfordownloadingandusingtheso6ware,technicaldocumentaPonandlinksregardingthedetailsoftheso6ware,andadescripPonofthemembershipandgovernanceoftheproject.

•  Theprojectsourcecodemustbemaintainedinapubliccoderepository,andchangesacceptedtotheprojectthroughastandardizedprocess.Theremustbeasimpleandwell-documentedprocessforbuildingandusingthesourcecode.

•  PublicvenuesforreporPngbugs,requesPnghelp,anddiscussingprojectfeatures.Thesemayincludeissuetrackers,forumso6ware,orwhateverismostappropriatetotheproject.Projectdevelopmentmustbecarriedoutusingthesetools.

•  Thefinalversionoftheso6waremustmeettherequirementsofaMinimumViableProduct(MVP)whichwillbearPculatedbytheteamearlyinthesemester.

MeePngStructure

•  Setupascheduletoworktogetheronaregularbasiseachweek,includingsomePmetosyncandpreparetheweeklyreport.

•  Presentaweeklyreporttomewithaccomplishmentsofeachmember,overallstatus,anddemoofthecurrentcode.

•  Nothingis“real”unPlitischeckedinandpublicallyvisibleonline!

Ge[ngStarted•  Selectopensourcetoolsforsourcecode,webpage,bugtracking,etc.(Thereisnoperfecttool,sopicksomethingandgoforward…)

•  Decideupondivisonoflabor,atleasttostart.(Itcanchangeasyougoforward.)

•  Getthestartercode,compileit,runitinaVM,andplayaroundwithit.

•  Picksome*simple*improvementsthatcanbedonequickly,toexerciseyourprojectprocess.

ShortTermTargets

•  ThisFriday:– Teamworkschedulesetup.–  InfrastructureselectedandiniPalized.– DemoofafewliTlehackstothecode.

•  NextFriday:– Breakdownofbigtasksintochunks.–  IniPaldivisionoflaboragreedon.– AllinfrastructureupwithiniPalusefulcontent.– FirstimprovementswriTen,debugged,accepted.