"Gernot" == Gernot Heiser via Devel <devel@sel4.systems> writes:
Something's wrong with the way Apple mailer quotes emails ... it is not easy to see what's a reply. I've tried to assign quotations correctly... Demi> Will it be possible to implement a POSIX-like API on top of Demi> this? By “POSIX-like”, I mean “similar enough to POSIX that Demi> existing applications like browsers, web servers, etc can be Demi> ported fairly easily.” Having to rely on VMs for anything Demi> that isn’t written from scratch for seL4 would not be great. Gernot> We’re definitely layering an (inherently less efficient, Gernot> Posix-style) synchronous interface over the asynchronous Gernot> native API. In fact, that’s already used in your LionsOS-based Gernot> web server that runs the sel4.systems web site. Others who Gernot> are closer to the code can provide more details. We have nothing that's completely POSIX. There's a project that might be coming up that will need more of a POSIX library, but it's unclear right now how complete it will have to be. We can at the moment provide a socket interface (courtesy of LWIP); and open/close/read/write for files, that are POSIX-ish (they don't have full POSIX semantics, especially in the error cases, but are near enough). Other features used by a production webserver like NGINX or Apache (mmap(), clone(), UNIX sockets or named pipes for WSGI, SIGPOLL for async IO (or signals in general), fork()/exec() for running separate processes like PHP) are unlikely. Browsers also have moved a long way from just needing POSIX interfaces. Both Firefox and Chromium (for example) use the namespace/container features of modern kernels to sandbox unsafe javascript, WASM etc., and generally set up multiple threads/processes using clone() or fork(). In addition, the environment in which a POSIX process runs is not currently supported. On seL4, there is not a complete standard filesystem, with /dev, /proc, /tmp etc., and even if you created device nodes in /dev you'd need to do a lot of work to hook them up to the actual device implementations. (/dev actually would be doable, but seems not useful: the native LionsOS/sDDF mechanisms are much more efficient in this context, even with a POSIX read/write mechanism on top) So, in short, we can do the basic filesystem and network operations fairly easily; anything more is too hard for now. -- Dr Peter Chubb https://trustworthy.systems/ Trustworthy Systems Group CSE, UNSW Core hours: Mon 8am-3pm; Wed: 8am-5pm; Fri 8am-12pm.