sig: notes for 2017-06-07

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>

reports/sig-security/2017-06-07.md

@@ -3,7 +3,9 @@ Time: **9am PDT** (12pm EDT, 5pm BST) [see the time in your timezone](https://ww
 
 Meeting location: https://docker.zoom.us/j/779801882
 
-Announcement: Moby project forum post coming soon!
+Announcement: [Moby project forum post](https://forums.mobyproject.org/t/2017-06-07-linuxkit-security-sig-meeting/58)
+
+Video recording: Processing, coming soon!
 
 Previous meeting notes: [2017-05-24](2017-05-24.md)
 
@@ -13,7 +15,7 @@ Previous meeting notes: [2017-05-24](2017-05-24.md)
   - proof-of-concept in LinuxKit repo
   - proposed process for promotion to channel, out of channel
 - buildchain security: PIE/ASLR for packages @fntlnz (10 min)
-- `miragesdk` deep dive - @avsm @samoht (20 min)
+- `miragesdk` deep dive - @avsm @samoht @yomimono @talex5 (20 min)
   - What is it?  Why do we care?
   - RFC: which system daemons should we implement?
   - architecture deep dive
@@ -24,3 +26,51 @@ Previous meeting notes: [2017-05-24](2017-05-24.md)
   - we can propose additional deep dives and discussion topics!
 
 ## Meeting Notes
+Scribe: @mgoelzer
+
+- Introductions for new attendees - welcome!
+
+- probational channel:
+    - calling it “Probational Channel” (vs “hardened” to avoid implying that LinuxKit itself is soft)
+    - goal is to have a curated channel of what’s in `/projects`
+    - also goal:  reduce bit rot
+    - RFC here:  https://docs.google.com/document/d/1V3R_eF-_JTEcWmw_pKERuRAWMDxZ3iCy_6piLPhtZSA/edit#heading=h.99zlrcqz1kzx
+    - goal of RFC is build your project based on a delta against base LinuxKit (e.g., add Wireguard, add Landlock)
+    - @cschaufler:  let’s have at least one that is all the projects, and then others for explicitly requested combos of projects
+    - @justincormack:  probation/promotion is orthogonal to the tooling problem.
+    - against any tooling in the project, tooling should be upstream.
+    - @avsm:  just have a Makefile snippet you can include, will help with the bit rot problem
+
+- buildchain security:
+    - discussion lead:  @fntlnz
+    - issues are PIEs, ASLR, signing.  Binaries today are not using linker best practices.
+    - two concerns:
+        - we should be using PIE, ASLR - current state discussed on [issue](https://github.com/linuxkit/linuxkit/issues/1902)
+            - golang compiling produces [static PIE executables](https://github.com/linuxkit/linuxkit/blob/master/tools/go-compile/compile.sh#L100)
+            - c compiling benefits from Alpine Linux default flags
+        - we have to check that future binaries in LinuxKit builds should be compiled with the appropriate flags
+            - including stuff written in other languages like Rust
+    - we would benefit from tools to start binary in isolation, look at its runtime environment - works with anything (libc, muscl, etc)
+        - @cschaufler: take a look at Yocto’s buildchain checks
+        - @avsm:  need to modify some language configs as well (for OCaml binaries)
+    - @justincormack:  runc is not linked correctly
+    - @riyazdf:  next meeting let’s also discuss how we can go beyond signing, better checks
+
+- mirageSDK
+    - discussion lead:  @avsm
+    - slides:  https://speakerdeck.com/avsm/a-modern-services-sdk-for-linuxkit
+    - goal is to rebuild the services on top of LinuxKit with advanced security features:
+        - type safety
+        - container-native daemons
+    - daemons:  [dhcpd in repo today](https://github.com/linuxkit/linuxkit/tree/master/projects/miragesdk), working on others.  Open to feedback for prioritizing future type-safe daemons (ntp, dns, https, etc)
+    - containerized, but still written in C and require high system privilege
+    - want to make these components less monolithic, more container native.
+    - dhcpd:
+        - in a cloud environment, you really only need it once.  You’re more likely to kill machine than want to change its IP after boot.
+        - requires very low level access - eg IP route tables
+        - described 3-part priv separated architecture
+    - Capnp - RPC system for how these 3 processes communicate
+    - @yomimono: demo fuzz testing with American Fuzzy Lop (afl)
+        - asciinema of demo: https://asciinema.org/a/3ljccmn19m25uj02kve678xp6
+        - afl:  http://lcamtuf.coredump.cx/afl/
+    - Also focusing on other services:  DNS, HTTPS