Deprecating Safe Haskell, or heavily investing in it?
ietf-dane at dukhovni.org
Tue Dec 27 23:08:04 UTC 2022
On Tue, Dec 27, 2022 at 09:39:22PM +0100, Hécate wrote:
> I came across the nsjail system from Google a little while after posting
> this thread: https://github.com/google/nsjail/#overview
Yes, this is the sort of thing that one can begin to trust, provided
that the exposed capabalities are managed only by inclusion, all system
calls, filesystem namespaces, network namespaces, ... that are not
explicitly allowed are denied.
> Perhaps we could get the most value for our buck if we externalise the
> solution to work with OS-level mechanisms? What do you think of that?
> Something based upon eBPF would certainly incur less modifications to
> the RTS?
Indeed, it would be simpler to leverage existing virtualisation and/or
containerisation technologies, than build a new microkernel within the
RTS. Consequently, I guess I am saying that "Safe Haskell" was an
interesting research project, but may be a practical dead-end.
More information about the ghc-devs