Syd: Writing an application kernel in Rust
UB2.252A (Lameere) | Day 2 | 16:30 - 16:55 | Speakers: Ali Polatel
Abstract
Syd (sydbox-3) is an application kernel written in Rust. This talk is a tour of its runtime architecture and the Rust that makes it portable. We’ll walk through the threads and their roles: syd_main (startup, namespaces, policy load, lock), syd_mon (lifecycle, seccomp-notify plumbing), a CPU-sized pool of syd_emu workers (syscall brokering), syd_ipc (UNIX-socket control when lock:ipc is enabled), syd_int (timers/alarms), and syd_aes (AF_ALG crypto for Crypt sandboxing), plus the helpers syd-pty and syd-tor. Implementation highlights: minimal unsafe at the syscall edge; per-thread isolation with unshare(CLONE_FS|CLONE_FILES) and per-thread seccomp(2); syscall-argument cookies; forced O_CLOEXEC and randomized FDs; deterministic "last-match-wins" policy; and mseal(2) sealing on lock:on. Portability is first-class: one codebase for Linux ≥ 5.19 with proper multi-arch support (x86-64/x86/x32, arm64/armv7, ppc64{b,l}e, riscv64, s390x, loongarch64), ILP32/LP64 awareness, and MSRV 1.83+. You’ll leave with concrete patterns for building a thread-isolated, multi-arch syscall broker in Rust.
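Two of the patterns named above, per-thread isolation with unshare(CLONE_FS|CLONE_FILES) and forcing O_CLOEXEC on descriptors, can be shown in a few dozen lines of std-only Rust. The code below is an added illustration written for this page, not Syd's own source: the Linux constants are declared by hand instead of coming from the libc crate, and the function names (isolate_thread, chdir_in_isolated_worker, is_cloexec, force_cloexec, dup_without_cloexec) are the example's own. It keeps the unsafe surface to the three raw libc declarations, which is the "minimal unsafe at the syscall edge" idea: a worker thread unshares its filesystem context and fd table, then chdir()s, and the main thread's cwd is unaffected; a descriptor that arrives without FD_CLOEXEC (dup(2) drops the flag on purpose) is forced to carry it.

```rust
use std::env;
use std::io;
use std::os::raw::c_int;
use std::os::unix::io::{AsRawFd, FromRawFd, OwnedFd};
use std::path::{Path, PathBuf};
use std::thread;

// Linux values from <sched.h> and <fcntl.h>, declared by hand so the example
// depends on nothing beyond std (a real project would take them from libc).
const CLONE_FS: c_int = 0x0000_0200;
const CLONE_FILES: c_int = 0x0000_0400;
const F_GETFD: c_int = 1;
const F_SETFD: c_int = 2;
const FD_CLOEXEC: c_int = 1;

// The whole unsafe surface: raw libc entry points at the syscall edge.
unsafe extern "C" {
    fn unshare(flags: c_int) -> c_int;
    fn fcntl(fd: c_int, cmd: c_int, ...) -> c_int;
    fn dup(fd: c_int) -> c_int;
}

/// Detach the calling thread's cwd/root/umask (CLONE_FS) and its fd table
/// (CLONE_FILES) from every other thread in the process.
pub fn isolate_thread() -> io::Result<()> {
    // SAFETY: unshare(2) takes no pointers and only alters kernel state of
    // the calling thread; failure is reported through errno.
    let rc = unsafe { unshare(CLONE_FS | CLONE_FILES) };
    if rc == -1 {
        return Err(io::Error::last_os_error());
    }
    Ok(())
}

/// Spawn a worker that isolates itself and only then chdir()s into `dir`.
/// Returns (cwd observed by the worker, cwd observed by the caller afterwards).
/// If unshare(2) is refused (e.g. by a container seccomp filter), the worker
/// never changes directory, so the caller's cwd cannot be disturbed.
pub fn chdir_in_isolated_worker(dir: &Path) -> io::Result<(PathBuf, PathBuf)> {
    let target = dir.to_path_buf();
    let worker = thread::spawn(move || -> io::Result<PathBuf> {
        isolate_thread()?;
        env::set_current_dir(&target)?;
        env::current_dir()
    });
    let worker_cwd = worker
        .join()
        .map_err(|_| io::Error::new(io::ErrorKind::Other, "worker panicked"))??;
    let caller_cwd = env::current_dir()?;
    Ok((worker_cwd, caller_cwd))
}

/// Report whether FD_CLOEXEC is set on `fd`.
pub fn is_cloexec(fd: c_int) -> io::Result<bool> {
    let flags = unsafe { fcntl(fd, F_GETFD) };
    if flags == -1 {
        return Err(io::Error::last_os_error());
    }
    Ok((flags & FD_CLOEXEC) != 0)
}

/// Force FD_CLOEXEC on `fd`, as a broker does on every descriptor it hands
/// back so that none of them survive an execve(2) in the sandboxed process.
pub fn force_cloexec(fd: c_int) -> io::Result<()> {
    let flags = unsafe { fcntl(fd, F_GETFD) };
    if flags == -1 {
        return Err(io::Error::last_os_error());
    }
    if unsafe { fcntl(fd, F_SETFD, flags | FD_CLOEXEC) } == -1 {
        return Err(io::Error::last_os_error());
    }
    Ok(())
}

/// dup(2) deliberately drops FD_CLOEXEC; this stands in for any descriptor
/// that arrives without the flag (inherited, received over a socket, ...).
pub fn dup_without_cloexec(fd: c_int) -> io::Result<OwnedFd> {
    let copy = unsafe { dup(fd) };
    if copy == -1 {
        return Err(io::Error::last_os_error());
    }
    // SAFETY: `copy` is a fresh descriptor that nothing else owns; OwnedFd closes it on drop.
    Ok(unsafe { OwnedFd::from_raw_fd(copy) })
}

fn main() -> io::Result<()> {
    match chdir_in_isolated_worker(Path::new("/")) {
        Ok((worker, caller)) => println!("worker cwd {} / caller cwd {}", worker.display(), caller.display()),
        Err(e) => println!("unshare refused, no chdir performed: {}", e),
    }
    let f = std::fs::File::open("/dev/null")?;
    let copy = dup_without_cloexec(f.as_raw_fd())?;
    println!("cloexec before: {}", is_cloexec(copy.as_raw_fd())?);
    force_cloexec(copy.as_raw_fd())?;
    println!("cloexec after: {}", is_cloexec(copy.as_raw_fd())?);
    Ok(())
}
```

The ordering inside the worker is the point: unshare first, chdir second, with `?` short-circuiting so a refused unshare can never leave the process-wide cwd changed. Seccomp filters in some container runtimes return EPERM for unshare(2) even with these unprivileged flags, which is a failure mode a broker has to treat as fatal for that worker rather than silently continue without isolation.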