Assigning partitions/volumes to vaults
Docker containers à la SAFEcontainers
ZeroVM could also be considered for multiple vaults assigned to one HDD
Introduction to ZeroVM
What is ZeroVM?
ZeroVM is an open source virtualization technology that is based on the Chromium Native Client (NaCl) project. ZeroVM creates a secure and isolated execution environment which can run a single thread or application.
ZeroVM is designed to be lightweight, portable, and can easily be embedded inside of existing storage systems. This functionality allows developers to push their application to their data instead of having to pull their data to their application, as is the case with more traditional architectures.
While ZeroVM itself provides only a raw execution environment, the ZeroVM Run Time (ZRT) includes a port of glibc and an in-memory file system.
This provides a C99-compliant environment supporting most of the POSIX syscall API. ZeroVM doesn’t expose any non-C99 or non-POSIX API.
All ZeroVM magic is handled transparently to the application. True to POSIX/UNIX traditions, all IO to and from ZeroVM is modeled as files. Input data is presented to the application as STDIN, the log as STDERR and output as STDOUT.
Communication channels with peer ZeroVM instances are also presented as files. The rest of the visible file system is all transient and memory-backed in the current implementation.
The standard C99 library and a major part of POSIX are available; however, there are some behavioral deviations from what would be expected as a “normal” implementation.
For example, since ZeroVM is deterministic, time functions always return zero. (We assume this is within the C99 standard.)
This could be interpreted by the application as if it is running on an infinitely fast computer. Threading is cooperative (handled automatically) and deterministic, hence all thread synchronization primitives are NOPs.
Developing applications for ZeroVM requires use of the provided cross-compilation GNU toolchain.
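A clock that always reads zero matters for any code that seeds, nonces or timestamps from time(). The following is an added example, not code from the ZeroVM project: a plain C99 job written for the STDIN/STDOUT/STDERR model described above, which checks the clock before trusting it. The function names are hypothetical, and the zero-clock behaviour is assumed to be as the text states.

```c
/* Added example (not ZeroVM project code): a C99 job for the file-style I/O model. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* 0 is what the text says ZeroVM returns; (time_t)-1 is time()'s error value.
 * Neither may be used as a seed, nonce or timestamp. */
int clock_is_informative(time_t now) {
    return now != (time_t)0 && now != (time_t)-1;
}

/* The common time-seeded pattern: with a constant clock, every run and every
 * instance produces the same "random" value. */
unsigned weak_token(time_t seed_time) {
    srand((unsigned)seed_time);
    return (unsigned)rand();
}

/* Streaming FNV-1a (32-bit): deterministic by design, so it behaves the same
 * inside and outside a deterministic sandbox. Start from FNV_OFFSET. */
#define FNV_OFFSET 2166136261u
uint32_t fnv1a_update(uint32_t h, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

int main(void) {
    unsigned char buf[4096];
    uint32_t h = FNV_OFFSET;
    size_t n, total = 0;

    while ((n = fread(buf, 1, sizeof buf, stdin)) > 0) {   /* input channel */
        h = fnv1a_update(h, buf, n);
        total += n;
    }
    if (ferror(stdin)) {
        fprintf(stderr, "read error on input\n");
        return 1;
    }
    printf("%08x %zu\n", (unsigned)h, total);               /* output channel */

    time_t now = time(NULL);                                /* log channel */
    if (!clock_is_informative(now))
        fprintf(stderr, "clock reads %ld: do not seed or timestamp from it "
                        "(time-seeded token would be %u on every run)\n",
                (long)now, weak_token(now));
    return 0;
}
```

On an ordinary host the clock check passes silently; the warning branch is the one that would fire in an environment where time() returns zero.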