Message5106

Author zyasoft
Recipients fwierzbicki, pekka.klarck, yanne, zyasoft
Date 2009-09-06.19:56:35
SpamBayes Score 1.8743305e-09
Marked as misclassified No
Message-id <1252266997.5.0.89067367968.issue1380@psf.upfronthosting.co.za>
In-reply-to
Content
For the JVM Language Summit, we plan to have a session on shared JVM
lang infrastructure. One thing we would like to explore is creating an
enhanced version of Nailgun that supports a secure model of
operation. Nailgun thus becomes an app container for running command
line apps, with effective startup times potentially below that of
CPython. See Charlie Grove's description:
http://www.cryptodira.com/2007/05/nailgun-your-way-to-quick-jython.html

It would be helpful to engage others in this design. Here are my initial
thoughts:

Share a secret key (perhaps in an environment variable. The
multiprocessing module in CPython does something similar;
http://docs.python.org/library/multiprocessing.html#multiprocessing-auth-keys.
Where
do we actually share the key? If in that process group, via an
environment variable might work.

Spin up a JVM.  My initial thought it to spin up the JVM container so
that it better matches the effective uid (or other OS equivalent). So
don't run it as a daemon or service, but instead as a regular
background process. Perhaps the client will spin it up on demand, with
it quietly terminating if not in use. Plus standard stuff to ensure we
only have one JVM of a given tuple like (process group, euid) or
whatever running. This might use an IPC semaphore; again we could
borrow from multiprocessing.

Any such wrappers necessarily would be written in C -- or against the
shell as necessary -- to minimize the overhead.
History
Date User Action Args
2009-09-06 19:56:37zyasoftsetmessageid: <1252266997.5.0.89067367968.issue1380@psf.upfronthosting.co.za>
2009-09-06 19:56:37zyasoftsetrecipients: + zyasoft, fwierzbicki, pekka.klarck, yanne
2009-09-06 19:56:37zyasoftlinkissue1380 messages
2009-09-06 19:56:35zyasoftcreate