The Lions Operating System
lionsos.org
209 points by plunderer 4 months ago
Presumably named after Associate Professor John Lions[0], of A Commentary on the UNIX Operating System[1] fame.
[0] https://en.wikipedia.org/wiki/John_Lions
[1] https://en.wikipedia.org/wiki/A_Commentary_on_the_UNIX_Opera...
The mascot is a super cute lion too. How can a project do everything so right? I was browsing some popular Python libraries and they just slapped on the first image they got out of ChatGPT. It's nice to see care in the craft.
It's developed by UNSW Sydney, whose mascot is a lion (specifically, "Clancy the Lion"), so I am guessing it's probably that.
What does mascot mean?
A mascot is an animal figure that represents a product or sports team. For example, the penguin named Tux is the mascot of Linux, and the mascot for the Brisbane Broncos rugby team is the horse named Buck the Bronco.
Mascot is, unrelatedly, also a suburb of Sydney.
Not presumably, but explicitly. Both in documentation and presentations by seL4 they consistently make a point to mention so.
While folks keep discussing C vs Rust, what got my attention was MicroPython and Pancake (https://trustworthy.systems/projects/pancake).
When I read about Pancake, for a very short moment I was hoping for some Elan[1] influences…
For a short while, I ran the Eumel operating system and wrote an application in Elan. Among other interesting properties, files weren't saved, but were checkpointed by the OS. I enjoyed this exercise, although Eumel remained a very small niche.
I have not heard of Pancake, seems interesting. It led me to https://cakeml.org. Looking at https://github.com/CakeML/cakeml/blob/3194e00b69ce817cf47751..., I feel quite dumb. :P
On recent news, LionsOS, as of about a week ago (I got notified via their announcement maillist), includes a router/firewall scenario[0].
Do not miss Gernot Heiser's recent talk[1] at the seL4 Summit, where among other things he shows seL4 massively outperforming Linux in a web server scenario.
Very cool! I'm a huge fan of Genode, another OS that runs on seL4. Does anyone here know how they compare?
Genode is a framework that can run in many places and at a higher level has its own abstractions. LionsOS is based on Microkit, the framework developed by the seL4 people that will also be verified. So LionsOS/Microkit is basically the outgrowth of the original seL4 research.
> Genode, another OS that runs on seL4.
Hang on, what? Genode can run on seL4 but seL4 is not part of it. Genode can also run on Linux and a bunch of other things. It has its own native kernel and it's not based on seL4 in any way, AFAIK.
Finally an OS that is really an OS and not a Linux distro.
"but contains composable components for creating custom operating systems that are specific to a particular task"
like reviving OSfree aka 64bit OS/2
It's an OS built around a verified and formally proven L4 kernel, i.e. a microkernel like QNX or Mach. L4 is a venerable design reaching back at least 25 years, if not longer. It has seen commercial and research uses, e.g. the SIMKO3 mobile phones or the Fiasco distribution. The term "task" is specific here. Running Linux as a custom operating system is a task in microkernel lingo.
Aussies were supposed to progress with Darbat.
It never happened.
>It is not a conventional operating system, but contains composable components for creating custom operating systems that are specific to a particular task. Components are joined together using the Microkit tool.
Unfortunately, like Genode, this approach yields something that is interesting, but can't be a daily driver for me. 8(
Meanwhile, the US national security continues its downhill slide because we've chosen operating systems based on ambient authority.
My first thought was to wonder whether it was a Linux offshoot.
I'm trying to picture in my mind a person who is a fan of Rust and somehow against an OS with a formally-verified kernel no matter the language. I'm not having much success.
I see you have not met a lot of Rust activists.
Certainly I don't seem to run into as many of them as I'm led to believe exists.
I am a “Rust activist” any day of the week. seL4 is awesome and amazing.
Thoughts on Ada / SPARK? Why are you not using Ada / SPARK considering it has such a neat type system, pre- and post-conditions, formal verification, and so forth. It has built-in concurrency constructs as well and it helps you avoid deadlocks and race conditions.
Well, why should I? Does it bring anything else to the table? After 50 years it doesn’t have the momentum rust has, or the tooling and ecosystem.
In any case, it really isn't comparable. It doesn't have a borrow checker, contracts are enforced at runtime not compile time, no move semantics and no smart pointers… I find it strange actually that there is always someone bringing up "what about Ada/SPARK?" in the comments when they aren't even comparable.
You are wrong on all counts.
It brings more to the table than Rust does. I have talked about this before, but here I go again (because your comment is full of misinformation).
SPARK contracts are compile-time verified, not runtime. The GNATprove tool statically proves absence of runtime errors, buffer overflows, arithmetic overflow, and user-defined contracts (preconditions, postconditions, invariants) at compile time with zero runtime overhead. This is formal verification, not runtime checks.
Ada has move semantics since Ada 2012 via limited types and function returns. Limited types cannot be copied, only moved. This is enforced at compile time. Build-in-place optimization eliminates unnecessary copies.
Ada has smart pointers. Ada.Containers.Indefinite_Holders provides reference semantics, GNATCOLL.Refcount provides explicit reference counting, and controlled types (Ada.Finalization.Controlled) give you RAII-style resource management with deterministic finalization, effectively custom smart pointers. Search for "Ada smart pointers".
Ownership/borrowing in SPARK: While not called a "borrow checker," SPARK's ownership model (Ada 202x, SPARK RM 3.10) provides compile-time verification of pointer safety, including ownership transfer, borrowing (observed/borrowed modes), and prevents use-after-free and aliasing violations. The verification is actually more comprehensive than Rust because it proves full functional correctness, not just memory safety.
Certification: Ada/SPARK is DO-178C certified for avionics, used in safety-critical systems (Airbus, Boeing, spacecraft), and has Common Criteria EAL certification. Rust has no comparable certification history for high-assurance systems.
The tooling argument is partially valid. Rust has better modern tooling (although Ada now has a proper package manager) and a more lively ecosystem. But claiming Ada lacks move semantics, or smart pointers is factually incorrect, and SPARK proves what Rust's borrow checker only approximates, and does so with mathematical proof, not heuristics.
Why should you care? You answer that, but I think you may be right, you are just a Rust activist.
What I find strange is the confidence with which you make verifiably and demonstrably incorrect statements about Ada, a language you clearly have not studied.
You are right. I just plain don't care. Maybe I am misinformed. Maybe you are misunderstanding my requirements. Either way, it doesn't matter.
You seem to be missing the point - there is an entire ecosystem of things built in Rust, a community of developers using it in related fields to where I am working, and a vast store of experience and knowledge to draw upon.
Outside of aviation or defense, does Ada have that? No, it does not.
That is why no one uses it.
PS: This subthread started when someone made an assumption that Rust activists would pounce on this for not being written in Rust. I chimed in to say that, as a "Rust activist", seL4 is actually pretty cool and that's fine. Then you butted in to preach the Ada gospel. Not a good look.
> Outside of aviation or defense, does Ada have that? No, it does not.
> That is why no one uses it.
Both of these statements are false as well.
(I only made this response because you keep spreading misinformation about a language you know nothing about, self-admittedly, and demonstrably. Not a good look. Neither is your response to you being corrected. If you do not care, at least stop spreading bullshit so confidently about a language you do not know at all.)