Nuxi The CloudABI Development Blog

CloudABI for ARMv6: running a sandboxed web server

December 7, 2016 by Ed Schouten

About two months ago we published an article on this blog to announce the availability of CloudABI for ARMv6. As you may recall, we mentioned that although CloudABI’s C library and runtime had been ported to ARMv6 successfully, we were still blocked on some features that didn’t make it into the 3.9 release of LLD, such as support for thread-local storage.

We’re happy to report that the latest development version of LLD now has these missing features implemented, meaning that it can now be used to create usable CloudABI programs for ARMv6.

In today’s article, let’s briefly take a look at how CloudABI for ARMv6 works in practice, by building a sandboxed web server written in C and running it on ARMv6 hardware.

Step 1: Installing a development environment

The first step towards building our sandboxed web server is to install our CloudABI development tools. In my case I want to build our web server on my MacBook, so let’s go ahead and install a cross compiler for CloudABI and a copy of CloudABI’s C library for ARMv6, using Homebrew:

$ brew tap nuxinl/cloudabi
$ brew install --HEAD cloudabi-toolchain
$ brew install armv6-unknown-cloudabi-eabihf-cxx-runtime

As you can see, we’re passing in the --HEAD flag to brew install, so that Homebrew doesn’t install the latest official release (based on LLVM 3.9), but the development version (based on LLVM SVN trunk). Once that’s done, we’re all good to go:

$ armv6-unknown-cloudabi-eabihf-cc
clang-4.0: error: no input files

Step 2: Building our sandboxed web server

Often when I give demos on how CloudABI works, I make use of a very simple web server that I wrote myself. It’s a rather primitive tool, as it can only serve a fixed HTTP response, but that also makes it easy to understand. Let’s go ahead and build it!

$ wget https://nuxi.nl/blog/assets/cloudabi-webserver.c
$ armv6-unknown-cloudabi-eabihf-cc -O2 \
      -o cloudabi-webserver cloudabi-webserver.c
$ ls -l cloudabi-webserver
-rwxr-xr-x  1 ed  staff  242736 Dec  7 17:09 cloudabi-webserver

Step 3: Running the web server

A system that I typically use to develop and test CloudABI software for ARMv6 is my Raspberry Pi 2. In my case it’s running FreeBSD 12.0-CURRENT, though recent versions of FreeBSD 11.0-STABLE also provide CloudABI support for ARMv6 out of the box. Let’s go ahead and set up the system to be able to run CloudABI software:

$ kldload cloudabi32
$ pkg install cloudabi-utils

We can now use the cloudabi-run utility to start our sandboxed web server. This utility parses a YAML file that lists the resources on which our web server depends, ensuring that only those resources are exposed to the program.

In our case the YAML file specifies that the process is allowed to access a TCP socket bound to port 12345 and write log entries to stdout. The YAML file is also used to declare the HTML code that needs to be served back to the browser.

In a way it acts as a mixture between a configuration file and a security policy. There is no need to write both of these separately.

$ scp macbook:cloudabi-webserver .
$ cat cloudabi-webserver.yaml
%TAG ! tag:nuxi.nl,2015:cloudabi/
---
socket: !socket
  bind: 0.0.0.0:12345
logfile: !fd stdout
message: |
  <h1>Hello, world!</h1>
  <p>It looks like our sandboxed web server works!</p>
$ cloudabi-run cloudabi-webserver < cloudabi-webserver.yaml

And voilà! As soon as we run the web server using cloudabi-run, we can visit it over the network!

Screenshot of the web page returned by the web server
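
Because the YAML file doubles as the security policy, it can be reviewed mechanically. The following is an added example, not code from the original post or the CloudABI project: a small Python script that reads the cloudabi-webserver.yaml from Step 3 and reports which keys hand an OS resource to the process and which sockets listen on every interface. It handles only the YAML subset used in that file, and the function names granted_resources and wildcard_binds are hypothetical.

```python
import re

# Constructed input: the cloudabi-webserver.yaml shown in Step 3.
SAMPLE = """\
%TAG ! tag:nuxi.nl,2015:cloudabi/
---
socket: !socket
  bind: 0.0.0.0:12345
logfile: !fd stdout
message: |
  <h1>Hello, world!</h1>
  <p>It looks like our sandboxed web server works!</p>
"""

TOP = re.compile(r"^(\w+):\s*(?:!(\w+))?\s*(.*)$")   # key: [!tag] [scalar]
SUB = re.compile(r"^\s+(\w+):\s*(.+)$")              # indented attr: value

def granted_resources(text):
    """Map each top-level key that carries a !tag to (tag, attributes)."""
    grants, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("%", "---")):
            continue                           # blank, directive, doc start
        if not line[0].isspace():              # a new top-level key starts
            current = None
            m = TOP.match(line)
            if m and m.group(2):               # tagged: an OS resource
                key, tag, rest = m.groups()
                grants[key] = (tag, {"value": rest} if rest else {})
                current = key
        elif current:                          # attribute of a tagged key
            m = SUB.match(line)
            if m:
                grants[current][1][m.group(1)] = m.group(2)
    return grants

def wildcard_binds(grants):
    """Keys of sockets bound to 0.0.0.0, i.e. reachable on every interface."""
    return [k for k, (tag, attrs) in grants.items()
            if tag == "socket"
            and attrs.get("bind", "").rpartition(":")[0] == "0.0.0.0"]

if __name__ == "__main__":
    grants = granted_resources(SAMPLE)
    for key, (tag, attrs) in grants.items():
        print(f"{key}: !{tag} {attrs}")
    print("bound on all interfaces:", wildcard_binds(grants))
```

Untagged keys such as message are plain data and are deliberately left out of the result; only tagged keys correspond to resources the sandboxed process receives.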

Closing words

The idea behind this article is to show you how easy it is to use CloudABI to build a simple sandboxed application and run it. We hope it also shows you that it’s really easy to build applications for different types of hardware architectures, regardless of the operating system or hardware architecture your development system has.

By making cross compiled libraries available as packages that can be directly installed using your operating system’s package manager (Homebrew in this example), cross compilation of software becomes trivial.