Re: LPC 2021 presentation - Kernel cgroups and namespaces: Can they contribute to FFI claims?


elana.copperman@...
 

Thanks, Jochen. This is excellent.
We should continue this discussion, as proposed in the parallel thread.

-----Original Message-----
From: Jochen Kall <Jochen.Kall@...>
Sent: Wednesday, September 29, 2021 1:00 PM
To: Elana Copperman <Elana.Copperman@...>; Paul Albertella <paul.albertella@...>; devel@...
Subject: AW: [ELISA Technical Community] LPC 2021 presentation - Kernel cgroups and namespaces: Can they contribute to FFI claims?

Hi everyone,

just a quality of life service for those interested, the recording of the talk can be found here:
https://youtu.be/iaK_wcL1ekY?t=12393

Jochen
-----Urspr√ľngliche Nachricht-----
Von: devel@... <devel@...> Im Auftrag von
elana.copperman@...
Gesendet: Mittwoch, 29. September 2021 11:40
An: Paul Albertella <paul.albertella@...>;
devel@...
Betreff: Re: [ELISA Technical Community] LPC 2021 presentation -
Kernel cgroups and namespaces: Can they contribute to FFI claims?

Totally agreed with the problem space, and the proposed path forward.
Paul - until we sort out the final details of "development process" WG
evolution, can we use tomorrow's call for kickstarting this discussion.
A good starting point would be the presentation from last week's LPC
on Kernel cgroups and namespaces: Can they contribute to FFI claims?
https://linuxplumbersconf.org/event/11/contributions/1079/
Including some of the questions raised by Bruce and Priyanka in their
closing slide.
Regards
Elana

-----Original Message-----
From: devel@... <devel@...> On Behalf Of
Paul Albertella
Sent: Wednesday, September 29, 2021 12:23 PM
To: devel@...
Subject: Re: [ELISA Technical Community] LPC 2021 presentation -
Kernel cgroups and namespaces: Can they contribute to FFI claims?

Hi Elana,

On 29/09/2021 06:50, elana.copperman@... wrote:
And in a more general sense, what are the criteria for acceptance of
such kernel features as the basis for safety claims such as FFI?

@Paul Albertella <mailto:paul.albertella@...> - I would
hope that your new WG will be helpful to make clear guidelines on
such
questions.

Yes, that's very much my intention!

There are really two broad sets of criteria, which can be summarised
in the following two questions:

1) What role does the feature have in achieving a safety goal?
2) What gives us confidence that the feature can fulfil that role?

In my opinion, there's nothing to *prevent* us from using any Linux
feature as the basis for a safety claim, provided that we can:

* Document our answers to these questions (Assertions)
* Provide material to support these answers (Evidence)

The challenge is that we then have to satisfy a safety assessor that
these are valid and sufficient!

One of the issues we face when answering these questions for Linux
(and open source software in general) is that the 'traditional'
answers (as described in safety standards like ISO 26262) are not
always well-supported by either assertions or evidence from open source communities.

However, it's vitally important to recognise that safety standards do
allow for 'non-traditional' answers and evidence, provided that we are
prepared to make a reasoned argument to support these.

My goal with the OSEP WG is to explore specific examples of this, to
understand what Linux contributors (or maintainers) and safety system
developers (or integrators) can do to both frame better answers and
provide better evidence.

Regards,

Paul









Join devel@lists.elisa.tech to automatically receive all group messages.