linux-vserver.org Re: Security implications of untrusted apps

Fri Nov 17 17:19:04 CET 2006

Salve Gabriel!
Gabriel Ambuehl schrieb am Freitag, den 17. November 2006 um 15:25h:
> On Friday 17 November 2006 09:35, Jan Niehusmann wrote:
> > On Fri, Nov 17, 2006 at 08:59:36AM +0100, Gabriel Ambuehl wrote:
> > > I think there needs to be a process by which software can get into the
> > > repository. There's certainly some security implications that need to be
> > > taken care of...
> >
> > At that point I wondered if the phone could support some kind of sandbox
> > for untrusted apps. It could feature
>> I would very much welcome that. AppArmor or SELinux maybe but I think both are 
> rather heavy?

I know that it makes sence to reduce the cpu and mememory consumtion
as good as possible - but virtual machines/emulators offers the chance of 
more security, multiuser and to use other software....
So maybe not for everybody (especialy mass market)
- but it could be interesting for some:
http://linux-vserver.org/Installation_Considerations 
says linux-vserver is running on an ARM ;)
and vserver needs less recources than xen. *g*
So a guest should get ressources in dependency of the battery power
and bluetooth (wifi) A-GPS and GPRS access should be configurable...
To run third party software like a navigation system (e.g. tomtom), 
it could run inside a seperate guest :)
And beside security some ideas:
- share a vserver on your mobile with a friend
- spend your vserver for an open city/campus message system
- have different guest systems on a micro-SD
- run a complete "game, sienticific ..." system for the Neo1973
 as guest system.
- pralell to your productive system test a new openmoko system
Any reports/experiances about linux-vserver on an ARM?
rob