Active development on Aegis is underway, with incremental security reviews being conducted on the codebase.

This is v1 software — a first public release, not production-hardened. The C kernel is roughly 29K lines and almost certainly contains real, exploitable vulnerabilities. That’s expected for a from-scratch OS at this stage. All vulnerabilities identified in audits to date have been hypothetical, but that will change as more eyes look at the code.

The capability validation core (kernel/cap/src/lib.rs) is the first kernel subsystem written in Rust. It’s compiled as a #![no_std] staticlib and linked into the C kernel via FFI. This covers cap_check, cap_grant, and cap_init — the functions that every privileged syscall depends on. The plan is a gradual, subsystem-by-subsystem migration of safety-critical kernel code from C to Rust, starting there and expanding outward.

Rune Editor

My other project, Rune (exec/rune), is now the first text editor available in Aegis. I already knew the codebase well, so it made sense to start there. Other editors will be ported in time.

Rune is built as a static musl binary via tools/build-rune.sh, cross-compiled with:

RUSTFLAGS="-C target-feature=+crt-static -C relocation-model=static" \
    cargo build --release --target x86_64-unknown-linux-musl

The static, non-PIE build produces an ET_EXEC binary compatible with Aegis’s ELF loader.
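To make the ET_EXEC requirement concrete, here is an added example (not code from Aegis or Rune) of the header checks a loader that accepts only static, non-PIE x86_64 images could apply. Field offsets come from the ELF64 specification; the acceptance policy, the names check_static_exec and Verdict, and the sample bytes are assumptions made for illustration.

```rust
// Added example (not Aegis source): accept only static, non-PIE x86_64 ELF64
// images. Offsets follow the ELF64 spec; the acceptance policy is an assumption.
const ET_EXEC: u64 = 2; // ET_DYN = 3 is what a PIE or static-PIE build emits
const EM_X86_64: u64 = 62;
const PT_INTERP: u64 = 3; // present only when a dynamic loader is requested

#[derive(Debug, PartialEq)]
enum Verdict { Accept, NotElf64, Truncated, WrongMachine, NotEtExec(u64), HasInterp }

// Bounds-checked little-endian read of n <= 8 bytes; None if out of range.
fn le(b: &[u8], off: u64, n: usize) -> Option<u64> {
    if off > b.len() as u64 { return None; }
    let s = b.get(off as usize..)?.get(..n)?;
    Some(s.iter().rev().fold(0u64, |acc, &x| (acc << 8) | x as u64))
}

fn parse(img: &[u8]) -> Option<Verdict> {
    if le(img, 18, 2)? != EM_X86_64 { return Some(Verdict::WrongMachine); }
    let e_type = le(img, 16, 2)?;
    if e_type != ET_EXEC { return Some(Verdict::NotEtExec(e_type)); }
    let (phoff, phentsize, phnum) = (le(img, 32, 8)?, le(img, 54, 2)?, le(img, 56, 2)?);
    for i in 0..phnum {
        // Header fields are untrusted input: checked arithmetic, then a checked read.
        let off = phoff.checked_add(i.checked_mul(phentsize)?)?;
        if le(img, off, 4)? == PT_INTERP { return Some(Verdict::HasInterp); }
    }
    Some(Verdict::Accept)
}

fn check_static_exec(img: &[u8]) -> Verdict {
    // Magic, ELFCLASS64 (2), ELFDATA2LSB (1).
    if img.get(..6) != Some(&b"\x7fELF\x02\x01"[..]) { return Verdict::NotElf64; }
    parse(img).unwrap_or(Verdict::Truncated)
}

// Constructed sample: a 64-byte ELF64 header followed by one 56-byte program header.
fn sample(e_type: u16, p_type: u32) -> Vec<u8> {
    let mut v = vec![0u8; 64 + 56];
    v[..6].copy_from_slice(b"\x7fELF\x02\x01");
    v[16..18].copy_from_slice(&e_type.to_le_bytes());
    v[18..20].copy_from_slice(&62u16.to_le_bytes()); // e_machine
    v[32..40].copy_from_slice(&64u64.to_le_bytes()); // e_phoff
    v[54..56].copy_from_slice(&56u16.to_le_bytes()); // e_phentsize
    v[56..58].copy_from_slice(&1u16.to_le_bytes()); // e_phnum
    v[64..68].copy_from_slice(&p_type.to_le_bytes());
    v
}

fn main() {
    println!("{:?}", check_static_exec(&sample(2, 1))); // ET_EXEC with PT_LOAD
    println!("{:?}", check_static_exec(&sample(3, 1))); // ET_DYN, as a PIE build would emit
}
```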

IRC Channel

An IRC server for Aegis will be announced soon — details coming shortly. This will be the first real test of the capability model under adversarial conditions: an internet-facing service that must be confined with CAP_NET for the listener and CAP_AUTH for session authentication.

Parley

A Parley server exists at parley.x86-64.com/invite/aegis for community discussion. (Yes, I created Parley. Yes, this is shameless self-promotion of another one of my projects. No, I’m not sorry.)

If you want to check out the source code, it’s at exec/parley.

What’s Next

The ARM64 port just hit working userspace on QEMU virt as of April 12 — roughly a week after the v1.0.0 x86_64 release. A ready-to-flash Raspberry Pi 5 image lives in build/pi5-image/; real-silicon verification is pending a USB-TTL serial cable for the Pi 5’s JST-SH debug header.

For the technically curious, the full port plan is documented in ARM64.md.


If you find a bug, have a hardening suggestion, or want to help with the Rust migration, file an issue or open a pull request at exec/aegis.

Security findings can be reported publicly via GitHub Issues or privately via execxd@icloud.com. Include enough detail to reproduce: affected subsystem, triggering input or sequence, and (if applicable) the capability kind and rights bitfield involved.

This is v1. The journey is just starting.