VUOS: Give Your Processes a New VU

by Renzo Davoli

At: FOSDEM 2020
video.fosdem.org/2020/K.4.601/uk_vuos.webm

VUOS is a different perspective on namespaces, anykernels and related concepts. The main idea behind VUOS is that it is possible to give processes their own "view" using partial virtual machines.


A partial virtual machine intercepts the system call requests and operates like a filter: system calls can be forwarded to the kernel of the hosting system or processed by the partial virtual machine hypervisor.
In this way, processes can see a mix of resources provided by the kernel (of which they have the same view as other processes) and virtual resources. It is possible to mount filesystems, load networking stacks, change the structure of the file system tree, and create virtual devices.


The hypervisor is just a user process, so while it gives processes a new perspective, it does not widen the attack surface of the kernel.

Room: K.4.601
Scheduled start: 2020-02-02 15:30:00
