Running IncludeOs on Qubes

faerbersteve · September 15, 2020, 5:27pm

Hello,

has someone managed to run IncludeOS on qubes?
I tried to mount the image as cdrom but it won’t boot.
The trick with adding it as a kernel like for the mirage-firewall doesn’t work either.
The vm ends up in “no bootable device found”.

The image runs on virtmanager on a ubuntu system with xen.

IncludeOS can be setup as firewall.
I would like to replace current sys-firewall with it to make the qubes system faster.

qubicrm · September 17, 2020, 1:16pm

Hello.

I do not know IncludeOS, but you can try

If you use a “standard” configuration, then it is very easy to use to install and use. If you need special configuration of the firewall, then you must edit the rules and complile: not for me :).

Maybe you can “mimic” the installation process and suceed to install IncludeOS?

Best regards

faerbersteve · September 22, 2020, 8:39pm

Thank you for the suggestion

I tried to mimik the installation of mirage-firewall.
And I tried also the steps found in the readme file of qubes-builder-mirage
Nothing worked for me.

With Q 4.1 I created a new qube vm, stamdalone with img files in var/lib/qubes. Then replaced the root image with a image where IncludeOS is installed.
The vm is booting, but not loading IncludeOS.
And after some seconds the vm is halted because of the missing qrexec connection.
I tried to set the feature gui and qrexec to an empty string but I could not turn of this automatic shutdown of the vm.

unman · September 23, 2020, 12:23am

Could you be absolutely clear what you mean by “run IncludeOS on qubes”
and “an image where IncludeOS is installed”?
If you want to use an IncludeOS application as a qube (and I think this is
what you are saying) then this seems to be a nonstarter. Afaik an
IncludeOS application on Linux requires some dependencies that you wont
be able to install in dom0 - like qemu.

It’s quite possible that I’m talking nonsense but if you could be a little
clearer about what you want to do, and perhaps provide a concrete example,
I could be clearer too.
Specifically which Image are you trying to run?

faerbersteve · September 23, 2020, 7:01pm

IncludeOS is a minimal unikernel for C++ services.
I used a demo examples called router service and compiled it and created a bootable image.
So I am trying to get this image unikernel to run in a qube vm.

I am developing the unikernel on ubuntu 20.04.
Here he steps I did now in details to get the image:
#1 setup Includeos

apt-get install python3-pip python3-dev git cmake clang-6.0 gcc nasm make qemu
$ pip3 install setuptools wheel conan psutil jsonschema
$ conan config install https://github.com/includeos/conan_config.git

#2 get the demo examples

git clone https://github.com/includeos/demo-examples.git

#3 build router

  cd router
  mkdir build
  cd build
  conan install .. -pr clang-6.0-linux-x86_64
  source activate.sh
  cmake ..
  cmake --build .
  boot --create-bridge router_service
  source deactivate.sh

#4 create the image with

boot -g routerservice

Then I have a router_service.img file. This file I want to boot in qube.

unman · September 24, 2020, 1:52pm

IncludeOS is a minimal unikernel for C++ services.
I used a demo examples called router service and compiled it and created a bootable image.
So I am trying to get this image unikernel to run in a qube vm.

Thanks, I know what IncludeOS provides and have deployed applications
myself.
I was not able to run them under Linux without using qemu, and
that is a non-starter in Qubes, as I explained. Things may have changed.

I’m intrigued by your suggestion:

The image runs on virtmanager on a ubuntu system with xen.

Can you tell me what commands you used to do this, and what packages
you installed on the Ubuntu system?

faerbersteve · September 28, 2020, 4:02pm

Virt Manager still used qemu instead of xen.
That is why it was working.
I have problems to setup virt Manager to work with xen. I am trying to solve this.

I will give an update when I fixed this.

By the way is it possible to use virt Manager beside qube manager in QubeOS?
For developing/testing it would be interesting to have an alternative.

unman · September 29, 2020, 12:51am

OK, I see nothing to suggest that IncludeOS can be run without qemu, and
you cant install qemu without breaking Qubes, so this really is a non
starter imo.
Happy for you to prove me wrong.

faerbersteve · January 18, 2021, 8:36pm

Hi unman,

I got to run the IncludeOS sample to run on xen.
There is no change needed.
The problem is that the vga driver is not included in some examples like hello_world.
Because Include OS can run on a normal hardware, ut runs in Xen in a hvm vm.

On Ubuntu 20.04 I have installed xen and connected me to it with Virt Manager.
The image file I attach as a harddrive disk.
I added an serial port device which writes to a file.
There I can see that it has started successfully.

On Qubes (4.1) I can start now Include OS in the same way as I do in Ubuntu.
But I guess qrexec is shutting down the vm after I have started it.
I have tried to use qvm-features Incl1 qrexec -D but it is still getting killed.

Do you have an idea what I can try to prevent qubes from killing the vm?

faerbersteve · January 27, 2021, 6:17pm

Unfortunately the project IncludeOS is not maintained anymore.
Therefore I have to look for an alternative.
I know there is Mirageos but I look for a unikernel project where I can write code in C or C++

deeplow · January 27, 2021, 9:05pm

In case you’re not aware mirage is already integrated with Qubes in some parts. For example you can run a mirage-based firewall: