bubblewrap
QEMU
| | bubblewrap | QEMU |
|---|---|---|
| | 75 | 190 |
| Stars | 3,653 | 9,313 |
| Growth | 2.4% | 1.7% |
| Activity | 6.6 | 10.0 |
| | 6 days ago | 4 days ago |
| Language | C | C |
| License | GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
bubblewrap
- I Use Nix on macOS
Nothing nix specific but you may be interested in https://github.com/containers/bubblewrap
- I reduced the size of my Docker image by 40% – Dockerizing shell scripts
- Exploring Podman: A More Secure Docker Alternative
- Using GitLab Kubernetes Runners to Build Melange Packages
Recently, I came across Chainguard and wrote the article How to build Docker Images with Melange and Apko. As a fervent supporter of Kubernetes and GitLab CI, I was eager to experiment with building images using Melange in this particular setup. GitLab's shared Runners work seamlessly with Bubblewrap, eliminating the need for additional configurations. This post is intended for enthusiasts like myself, interested in hosting their own Kubernetes Runners and leveraging the Kubernetes Runner Type of Melange.
- how strong is the steam (runtime) sandbox for games?
- Server-side sandboxing: Containers and seccomp
- A Study of Malicious Code in PyPI Ecosystem
This is basically manually invoking what Flatpak does:
https://github.com/containers/bubblewrap
This is also useful for more than just security. E.G., you can test how your app would behave on a fresh install by masking your user configuration files. I personally also have a tool that uses it to basically bundle all dependencies from an entire Linux distribution in order to make highly portable AppImages— Been meaning to post that, will get around to it eventually maybe.
The flags above should hide your user data (`--tmpfs`), disable network access (`--unshare-all`), hide/virtualize devices and OS state (`--dev` and `--proc`), and make the rest of the root filesystem read-only (`--ro-bind`— Including the insecure X11 socket in `/tmp`, which you might want to expose for GUI apps).
Check them against `bwrap --help`; I might have omitted one or two more things you'd need.
- Bubblewrap – Low-level unprivileged sandboxing tool used by Flatpak
- Firejail: Light, featureful and zero-dependency security sandbox for Linux
While trying to find out more comparison information, found this light on details issue:
https://github.com/containers/bubblewrap/issues/81
It mentions nsjail and minijail.
QEMU
- QEMU Version 9.0.0 Released
My most-wanted QEMU feature: https://github.com/qemu/qemu/commit/a2260983c6553
Using `gic-version=3` on macOS you can now use more than 8 cores on ARM chips.
- Autoconf makes me think we stopped evolving too soon
A better solution is just to write a plain ass shell script that tests if various C snippets compile.
https://github.com/oilshell/oil/blob/master/configure
https://github.com/oilshell/oil/blob/master/build/detect-pwe...
Not an unholy mix of m4, shell, and C, all in the same file.
---
These are the same style as the configure scripts that Fabrice Bellard wrote for tcc and QEMU.
They are plain ass shell scripts, because he actually understands the code he writes.
https://github.com/qemu/qemu/blob/master/configure
https://github.com/TinyCC/tinycc/blob/mob/configure
OCaml’s configure script is also “normal”.
You don’t have to copy and paste thousands of lines of GNU stuff that you don’t understand.
(copy of lobste.rs comment)
- WASM Instructions
Related:
A fast Pascal (Delphi) WebAssembly interpreter:
https://github.com/marat1961/wasm
WASM-4:
https://github.com/aduros/wasm4
Curated list of awesome things regarding WebAssembly (wasm) ecosystem:
https://github.com/mbasso/awesome-wasm
Also, it would be nice if there was a WASM (soft) CPU for QEMU, which (if it existed!) would go here:
https://github.com/qemu/qemu/tree/master/target
- Revng translates (i386, x86-64, MIPS, ARM, AArch64, s390x) binaries to LLVM IR
> architectural registers are always updated
In tiny code, the guest registers (global TCG variables) are stored in the host's registers until you either call a helper which can access the CPU state or you return (`git grep la_global_sync`). This is the reason why QEMU is not so terribly slow.
But after a check, this also happens when you access the guest memory address space! https://github.com/qemu/qemu/blob/master/include/tcg/tcg-opc... (TCG_OPF_SIDE_EFFECTS is what matters)
But still, in the end, it's the same problem. What QEMU does, can be done in LLVM too. You could probably be more efficient in LLVM by using the exception handling mechanism (invoke and friends) to only serialize back to memory when there's an actual exception, at the cost of higher register pressure. More or less what we do here: https://rev.ng/downloads/bar-2019-paper.pdf
- State of x86-64 emulation of non-MacOS binaries
Um, in case you don't know, UTM (based on QEMU) has been out for quite a while.
- Multipass: Ubuntu Virtual Machines Made Easy
Some of these tools include Oracle VM VirtualBox (that I've used since before the acquisition of Sun Microsystems by Oracle), VMware Workstation Player, and QEMU, but last year, I found out about Multipass.
- Libsodium: A modern, portable, easy to use crypto library
For C/C++ projects that use meson as the build system, there is an excellent way to manage dependencies:
https://mesonbuild.com/Wrapdb-projects.html
https://mesonbuild.com/Wrap-dependency-system-manual.html
meson will download and build the libraries automatically and give you a variable which you pass as a regular dependency into the built target:
https://github.com/qemu/qemu/tree/005ad32358f12fe9313a4a0191...
https://github.com/harfbuzz/harfbuzz/tree/main/subprojects
https://github.com/harfbuzz/harfbuzz/blob/37457412b3212463c5...
Or, if you're using proper operating systems, they're managed by the usual package manager, just like everything else.
- Top 6 Virtual Machine Software in 2023
For all the users of the Linux platform, QEMU is the VM that you should go for. This software comes without any price tag and works as an emulator of various machines with utmost ease and completion; the software uses dynamic translations to emulate hardware peripherals and enhances its overall performance. If you are using QEMU as a virtualizer, then it will function exactly like the host system (provided you have the right set of hardware).
- Show HN: I'm 17 and wrote this guide on how CPUs run programs
- UTM for Developers
In this tutorial, we set up macOS and Windows virtual machines on UTM, a macOS application that provides a GUI wrapper for QEMU, a powerful open-source emulator and virtualizer. UTM allows you to easily manage and run virtual machines without memorizing complex commands. It also has special handling for macOS, making it simpler to install compared to other virtual machine software.
What are some alternatives?
firejail - Linux namespaces and seccomp-bpf sandbox
UTM - Virtual machines for iOS and macOS
flatpak - Linux application sandboxing and distribution framework
TermuxArch - Experience the pleasure of the Linux command prompt in Android, Chromebook, Fire OS and Windows on smartphone, smartTV, tablet and wearable https://termuxarch.github.io/TermuxArch/
flathub - Issue tracker and new submissions
Unicorn Engine - Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86)
nsjail - A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
Vagrant - Vagrant is a tool for building and distributing development environments.
distrobox - Use any linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Mirror available at: https://gitlab.com/89luca89/distrobox
xemu - Original Xbox Emulator for Windows, macOS, and Linux (Active Development)
multipass - Multipass orchestrates virtual Ubuntu instances
em-dosbox - An Emscripten port of DOSBox