<main class=main><article class=post-single>
<header class=post-header>
<h1 class=post-title>Jake's Weekly - 28th Feb 2022</h1>
<div class=post-meta><span title='2022-02-28 11:00:00 +0000 UTC'>February 28, 2022</span> · 4 min · Jake Hillion</div>
</header>
<div class=post-content>
<h2 id=research-project>Research Project</h2>
<h3 id=process-isolation>Process Isolation</h3>
<ul>
<li><p>Expanded the shim with so-called PipeTriggers.</p>
  <ul>
  <li>Wrote an example for this (<a href=https://gitea.hillion.co.uk/JakeHillion/clone-shim/src/branch/main/examples/pipes/main.rs>examples/pipes/main.rs</a>).</li>
  <li>Wrote the specification for this application to be launched with the shim (<a href=https://gitea.hillion.co.uk/JakeHillion/clone-shim/src/branch/main/examples/pipes/spec.json>examples/pipes/spec.json</a>).</li>
  <li>I think this is very neat and certainly a focal point of the project. This style of request-driven programming that the shim enables with a powerful level of privilege dropping each time should be useful.</li>
  <li>The spec is also pretty easy to parse and even write for this too. It’s getting slightly hard to validate mentally, so a general-purpose validation function is written to validate it programmatically before launching (<a href=https://gitea.hillion.co.uk/JakeHillion/clone-shim/src/branch/main/src/specification.rs#L121-L160>Specification::validate</a>).</li>
  </ul>
</li>
<li><p>Built the echo example, still in C, ready to be demoed with the shim (<a href=https://gitea.hillion.co.uk/JakeHillion/clone-shim/src/branch/main/examples/echo/echo.c>examples/echo/echo.c</a>).</p>
  <ul>
  <li>Started preparing a specification for the echo server (<a href=https://gitea.hillion.co.uk/JakeHillion/clone-shim/src/branch/main/examples/echo/spec.json>examples/echo/spec.json</a>).
    <ul>
    <li>This is a work in process to test new features added to the spec format; it doesn’t run yet and needs additional support before it will.</li>
    </ul>
  </li>
  <li>Having some trouble nailing down an abstraction of networking that provides enough for existing apps to work, and also supports new apps in a nice and abstract way.
    <ul>
    <li>I think this might result in two methods: an IP-network firewall-based method for outbound traffic, e.g. this process should be able to access my database network on <code>10.152.163.0/24</code> but not the public Internet. Then a second abstraction, perhaps in the form of give me specific ports, that allows inbound traffic. Not clear yet though.</li>
    </ul>
  </li>
  <li>The specification format still feels pretty good for a more complex app like this, even if it is getting a tad verbose.</li>
  <li>The dataflow created here of App Listener -&gt; Shim -&gt; n * Request Handler feels pretty good for any request-driven development. Although the listener could probably be a library function, it’s still neat to write and simplifies the C program significantly, while providing good isolation between the two.</li>
  </ul>
</li>
<li><p>Started work on integrating this solution more tightly with a language (in this case, Rust).</p>
  <ul>
  <li>Looking into a macro-based solution, but I’m not sure it’s that much superior to straight up code.</li>
  <li>Unfortunately going anywhere near writing macros was causing my IDE to crash, so this needs to be solved before looking more into it.</li>
  <li>Care must be taken that the language-specific bits don’t overtake the language-agnostic bits.</li>
  </ul>
</li>
</ul>
<h3>Multi-Process Monitor (forktop)</h3>
<ul>
<li>Mixed progress on this one.</li>
<li>On trying to write a Terminal User Interface for this one, I was disappointed with the available options. Therefore I started writing my own… (stateful-tui).</li>
</ul>
</div>
</article></main>
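A sketch of the two-method networking idea from the Process Isolation notes (an outbound allowlist of IP networks plus an inbound grant of specific ports), added here as an example; it is not code from clone-shim. `NetworkPolicy`, `parse_cidr`, `sample_policy` and port 8080 are assumptions made for illustration.

```rust
use std::net::Ipv4Addr;

// Hypothetical types for illustration; the shim's real spec format is not shown on this page.
struct NetworkPolicy {
    outbound_allow: Vec<(Ipv4Addr, u8)>, // (network base, prefix length)
    inbound_ports: Vec<u16>,             // ports handed to the process
}

fn mask(len: u8) -> u32 {
    if len == 0 { 0 } else { u32::MAX << (32 - u32::from(len)) }
}

// Parse "a.b.c.d/len", rejecting bad lengths and bases with host bits set,
// so a typo such as 10.152.163.7/24 is a spec error rather than a silent /24.
fn parse_cidr(s: &str) -> Option<(Ipv4Addr, u8)> {
    let (addr, len) = s.split_once('/')?;
    let len: u8 = len.parse().ok()?;
    let addr: Ipv4Addr = addr.parse().ok()?;
    if len > 32 || (u32::from(addr) & !mask(len)) != 0 {
        return None;
    }
    Some((addr, len))
}

impl NetworkPolicy {
    // Default deny: a destination is reachable only if an allowed network contains it.
    fn allows_outbound(&self, dst: Ipv4Addr) -> bool {
        self.outbound_allow
            .iter()
            .any(|&(base, len)| (u32::from(dst) & mask(len)) == u32::from(base))
    }

    // Inbound traffic is accepted only on ports the policy explicitly grants.
    fn allows_inbound(&self, port: u16) -> bool {
        self.inbound_ports.contains(&port)
    }
}

// Constructed sample: the database network from the post plus an assumed listening port.
fn sample_policy() -> NetworkPolicy {
    NetworkPolicy {
        outbound_allow: vec![parse_cidr("10.152.163.0/24").expect("valid CIDR")],
        inbound_ports: vec![8080],
    }
}

fn main() {
    let p = sample_policy();
    for dst in ["10.152.163.20", "10.152.164.1", "93.184.216.34"] {
        let ip: Ipv4Addr = dst.parse().unwrap();
        println!("outbound {}: {}", dst, p.allows_outbound(ip));
    }
    println!("inbound 8080: {}", p.allows_inbound(8080));
}
```

Because both lists start empty and only ever add permissions, a policy that omits networking entirely denies all traffic in both directions.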