Native Client
Google Native Client (abbreviated as NaCl) is a sandboxing system for running a subset of Intel x86 native code using software-based fault isolation. It is proposed for safely running native code from a web browser, allowing web-based applications to run at near-native speeds.
NaCl is an ingenious hack to get around the problem that existing OSes don't provide adequate security mechanisms for sandboxing native code.
glibc port
In order to make it easier to run GNU/Linux programs under NaCl, and to run programs that require dynamic linking, I am porting glibc to NaCl.
The port is at the stage where it can run simple statically-linked and dynamically-linked programs, both from the command line and from the web browser. It can run Python 2.6; no changes to Python were required.
Upstream NaCl does not support dynamically loading code; my NaCl branch has some changes to support this.
NativeClient/Changes - changes made to NaCl and glibc
NativeClient/Building - how to build the glibc port and associated NaCl branch
NativeClient/Plugin - experimental minimal browser plugin for NaCl
NativeClient/Ncrewrite - convert executables that run under NaCl to run natively on Linux for building and testing purposes
Further tasks
Make the dynamic loading support secure.
- Make the dynamic loading support work on Windows as well as Linux.
- Make the DOM usable from Python.
Create a Python extension module wrapping imc_sendmsg() and imc_recvmsg()
- Write proxying code for the Javascript and Python sides.
See also
Blog posts:
January 2009: NaCl as compared to Plash
January 2009: On ABI and API compatibility
May 2009: Progress on Native Client
June 2009: Python standard library in Native Client