Am I missing where this article actually proposes this “isolated execution environment”? It’s mentioned in the intro and summary (and title), but the rest of the post is mainly a list of why it’s hard to do early verification of eBPF code.
Okay, this is true!
So I’m left wanting to know why the author thinks less rigid “isolation” is a suitable answer to the problem. “JavaScript does something similar” is the only detail I could find. But JavaScript notably does not run in the kernel.
Ultimately this just seems like a post saying “it’s too hard to do everything we want within the current limitations of eBPF.” But it makes no effort to explain why getting rid of these strictures would be worth the huge security and reliability hole it would be creating, or how they would avoid those issues.
From https://news.ycombinator.com/item?id=43553198 .. https://news.ycombinator.com/item?id=43564972 :
> Can [or should] a microkernel run eBPF? [or WASM?]
The performance benefits of running eBPF in the kernel are substantial and justifying, but how much should a kernel or a microkernel do?