by vezzy-fnord 4020 days ago
The expression "non-C OS that can run Docker containers" reeks of magical thinking through and through, but for what it's worth the purpose of Docker is application containerization, which is more concerned with logical resource partitioning, infrastructure granularity and an escape from the broader state-related issues of the shared library context in the host OS.

Sandboxing is orthogonal. It so happens that some of the techniques of OS-level virtualization overlap with those of sandboxing on Linux, but Docker is nonetheless not a security tool.

Not that Docker's current libcontainer work is even at all portable. It's questionable what the current ruckus about companies backing the Open Container Project will lead to.

I'll let Theo take it from here:

"You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes."


There have been many highly-secure virtualization prototypes or production systems that leveraged tiny kernels with minimally-complex trusted software. Kernel-mode code for modern ones was around 10Kloc. On a virtualizable architecture, this is way easier to do than a whole OS given the complexity of the latter. Plus, it's best to entrust the best security engineers and software engineers to build it, with similar to certify it, rather than "a worldwide collection of software engineers" unqualified for the job.

Right people, right tools, right architecture, and right processes for knocking out defects. That's what it takes. Virtualization is well-studied enough to tackle it. The only ones trying in FOSS that I'm aware of are the L4 community: esp. TU Dresden's Nizza architecture w/ L4 Linux, OK Labs' OKL4/seL4 / OK Linux, and GenodeOS on the Nova microhypervisor or OKL4. Google "separation kernel", Nizza and Genode architectures to see what I mean.

I'm aware of that. I was mostly responding to the specific notion of "non-C OS running Docker containers", which is asinine.

The research OS space is mostly doomed to languish in obscurity, but it seems like MirageOS just might stand a chance.

I totally agree on MirageOS. Very exciting work applying good principles to the container concept. Work that's gotten noticed and might get used widespread one day. A situation so rare it's worth a toast to them! Lol.

What about Linux-Branded Zones? They let you natively execute Linux binaries on any IllumOS-based operating system. Zones themselves have a proven security record that easily makes up for the lack of real security in the container space.

That isn't to say that IllumOS and Zones are perfect, but if something that robust can be implemented in C/C++, we can do the same or better in Rust.