Lib.rs

Operating systems
#low-level #operating-system #syscalls #kernel #abi #data #call

cloudabi

Low level interface to CloudABI. Contains all syscalls and related types.

by Mara Bos, Ed Schouten and 2 contributors

4 releases

0.1.0 Dec 22, 2019
0.0.3 Jan 10, 2018
0.0.2 Jan 4, 2018
0.0.1 Dec 24, 2017

#222 in Operating systems

Download history 31463/week @ 2024-07-21 31939/week @ 2024-07-28 31219/week @ 2024-08-04 28706/week @ 2024-08-11 33122/week @ 2024-08-18 37143/week @ 2024-08-25 31650/week @ 2024-09-01 29352/week @ 2024-09-08 26896/week @ 2024-09-15 30755/week @ 2024-09-22 29280/week @ 2024-09-29 29038/week @ 2024-10-06 30977/week @ 2024-10-13 28862/week @ 2024-10-20 30768/week @ 2024-10-27 33511/week @ 2024-11-03

126,414 downloads per month

BSD-2-Clause

105KB
1.5K SLoC

PLEASE NOTE: This entire crate including this documentation is automatically generated from cloudabi.txt

Nuxi CloudABI

CloudABI is what you get if you take POSIX, add capability-based security, and remove everything that's incompatible with that. The result is a minimal ABI consisting of only 49 syscalls.

CloudABI doesn't have its own kernel, but instead is implemented in existing kernels: FreeBSD has CloudABI support for x86-64 and arm64, and a patch-set for NetBSD and a patch-set for Linux are available as well. This means that CloudABI binaries can be executed on different operating systems, without any modification.

Capability-Based Security

Capability-based security means that processes can only perform actions that have no global impact. Processes cannot open files by their absolute path, cannot open network connections, and cannot observe global system state such as the process table.

The capabilities of a process are fully determined by its set of open file descriptors (fds). For example, files can only be opened if the process already has a file descriptor to a directory the file is in.

Unlike in POSIX, where processes are normally started with file descriptors 0, 1, and 2 reserved for standard input, output, and error, CloudABI does not reserve any file descriptor numbers for specific purposes.

In CloudABI, a process depends on its parent process to launch it with the right set of resources, since the process will not be able to open any new resources. For example, a simple static web server would need to be started with a file descriptor to a TCP listener, and a file descriptor to the directory for which to serve files. The web server will then be unable to do anything other than reading files in that directory, and process incoming network connections.

So, unknown CloudABI binaries can safely be executed without the need for containers, virtual machines, or other sandboxing technologies.

Watch Ed Schouten's Talk at 32C3 for more information about what capability-based security for UNIX means.

Cloudlibc

Cloudlibc is an implementation of the C standard library, without all CloudABI-incompatible functions. For example, Cloudlibc does not have printf, but does have fprintf. It does not have open, but does have openat.

CloudABI-Ports

CloudABI-Ports is a collection of ports of commonly used libraries and applications to CloudABI. It contains software such as zlib, libpng, boost, memcached, and much more. The software is patched to not depend on any global state, such as files in /etc or /dev, using open(), etc.

Using CloudABI

Instructions for using CloudABI (including kernel modules/patches, toolchain, and ports) are available for several operating systems:

Specification of the ABI

The entire ABI is specified in a file called cloudabi.txt, from which all headers and documentation (including the one you're reading now) is generated.

Dependencies

~110KB