PREVAIL verifier question

Posted Jun 2, 2024 17:19 UTC (Sun) by willy (subscriber, #9762)
In reply to: PREVAIL verifier question by alison
Parent article: Standardizing the BPF ISA

Seems to me that PREVAIL can run entirely in userspace:

https://github.com/vbpf/ebpf-verifier

It does talk about using sudo, but I'm pretty sure that's just to run the Linux verifier as a contrast to PREVAIL.

PREVAIL verifier question

Posted Jun 2, 2024 17:35 UTC (Sun) by alison (subscriber, #63752) [Link] (3 responses)

Thanks. Certainly if those docker invocations referred to in the document will run on Windows or MacOs, they must not need the Linux kernel.

PREVAIL verifier question

Posted Jun 2, 2024 22:55 UTC (Sun) by intelfx (subscriber, #130118) [Link] (2 responses)

> Certainly if those docker invocations referred to in the document will run on Windows or MacOs, they must not need the Linux kernel.

Isn't "Docker on Windows or MacOS" simply a Linux VM under the hood?

(That is not to say that PREVAIL needs Linux kernel. At a glance, it looks like a purely userspace solution.)

PREVAIL verifier question

Posted Jun 3, 2024 0:02 UTC (Mon) by alison (subscriber, #63752) [Link]

> Isn't "Docker on Windows or MacOS" simply a Linux VM under the hood?

On Linux, Docker is a container, so it's running the host's Linux kernel (with all the security implications thereof). Presumably therefore a Linux Docker container won't run on other hosts, but my ignorance of Windows and MacOs is total.

-- Alison, about to hit new LWN comment limit

PREVAIL verifier question

Posted Jun 3, 2024 10:44 UTC (Mon) by anselm (subscriber, #2796) [Link]

Isn't "Docker on Windows or MacOS" simply a Linux VM under the hood?

On Linux, Docker containers are glorified chroot environments. On a non-Linux machine, you need to somehow bring in the underlying Linux bits that support the glorified chroot environment, and a VM is one reasonable way of doing this.