• Andrew Pennebaker (10/10) Dec 25 2018 Some UNIX coders are looking forward to restricting system calls
• Joakim (17/27) Dec 25 2018 I wish someone would teach all these projects that you need to
• aberba (6/25) Jan 01 2019 It made sense to me. I use docker and yaml for configuration as a

Andrew Pennebaker <andrew.pennebaker gmail.com> writes:

Some UNIX coders are looking forward to restricting system calls 
with CloudABI, so that we can get similar security and 
portability to Docker, without the loss of efficiency of 
containers. What do D coders think of CloudABI?

https://nuxi.nl/

Here's an example for building C CloudABI applications with cc 
from Clang:

https://github.com/mcandre/cartel

I wonder if LDC could be similarly wired up to build CloudABI 
binaries from D source files?

Joakim <dlang joakim.fea.st> writes:

On Tuesday, 25 December 2018 at 17:36:46 UTC, Andrew Pennebaker 
wrote:
 Some UNIX coders are looking forward to restricting system 
 calls with CloudABI, so that we can get similar security and 
 portability to Docker, without the loss of efficiency of 
 containers. What do D coders think of CloudABI?

 https://nuxi.nl/

 Here's an example for building C CloudABI applications with cc 
 from Clang:

 https://github.com/mcandre/cartel

I wish someone would teach all these projects that you need to 
describe what you're actually doing up front. AFAICT just from 
their other website at https://cloudabi.org, whose front page 
isn't much better than the one you gave, that would be "A new 
capability-based C runtime and APIs so that all your cloud 
applications can be secured and run portably across any OS we 
support." What's their solution for multi-arch, separate or fat 
binaries?

Capabilities are nice, but I don't know enough about security 
tech to say if they're much better than other sandboxing tech. I 
suspect that security is still a hard sell for most, and it will 
not go farther than those few niches who care.

 I wonder if LDC could be similarly wired up to build CloudABI 
 binaries from D source files?

Of course, as all it seems to need is libc support, some API 
wrappers in D, and maybe some ABI tweaks, which is no different 
than porting D to any other common platform.

aberba <karabutaworld gmail.com> writes:

On Tuesday, 25 December 2018 at 19:26:29 UTC, Joakim wrote:
 On Tuesday, 25 December 2018 at 17:36:46 UTC, Andrew Pennebaker 
 wrote:
 [...]

 I wish someone would teach all these projects that you need to 
 describe what you're actually doing up front. AFAICT just from 
 their other website at https://cloudabi.org, whose front page 
 isn't much better than the one you gave, that would be "A new 
 capability-based C runtime and APIs so that all your cloud 
 applications can be secured and run portably across any OS we 
 support." What's their solution for multi-arch, separate or fat 
 binaries?

 Capabilities are nice, but I don't know enough about security 
 tech to say if they're much better than other sandboxing tech. 
 I suspect that security is still a hard sell for most, and it 
 will not go farther than those few niches who care.

 [...]

 Of course, as all it seems to need is libc support, some API 
 wrappers in D, and maybe some ABI tweaks, which is no different 
 than porting D to any other common platform.

It made sense to me. I use docker and yaml for configuration as a 
web developer so maybe that's why. Normally an app will get its 
configuration from envirinment variable or from the 
system...hence it becomes less portable (dependent of the host 
environment) and "insecure" like they claim.