mohnkhan/MyOS2026


MyOS2026 — VM-First Operating System in Rust

An experimental x86-64 OS written entirely in Rust — Linux-compatible syscall ABI, virtio drivers (blk/net/input/gpu), ext2 VFS, POSIX/OFD byte-range locks, PTY, signal FP/XSTATE frames, and a 438-applet Busybox-like userland. Built from scratch with no C in the kernel.


Project Resources

  • Download & run (testers): docs/QUICKSTART.md — boot a released image in QEMU or VirtualBox in minutes, no build required
  • Known issues: KNOWN_ISSUES.md — current v0.7 limitations; read before filing a bug
  • Live status & metrics: docs/STATUS.md — test counts, CI gates, success-criteria dashboard (updated on every feature merge)
  • Capability inventory: docs/CAPABILITIES.md — kernel subsystems, syscalls, /proc files, userland binaries
  • Per-feature history: CHANGELOG.md — what shipped, when, with what trade-offs
  • Design rationale: Learnings.MD — what was hard, root causes, non-obvious decisions
  • Roadmap: ROADMAP.md — tiered follow-up work
  • Validation: VALIDATION.md — proof against the 11 success criteria
  • Wiki: github.com/mohnkhan/MyOS2026/wiki — architecture overviews, getting-started guides, HOWTOs, compatibility matrices

Why MyOS2026

  • Boots in under 2 seconds to an nsh$ prompt on BIOS-headless QEMU, with SSH ready in under 5 seconds.
  • Reproducible images (identical SHA-256 across runs) and verified boot (BLAKE2b → ed25519 attestation chain) by default.
  • Written entirely in Rust with ~170 LOC of hand-written assembly. KASAN + FASAN catch memory-safety bugs at the corruption site, not the crash site.
  • Linux-compatible syscall ABI on x86_64 — statically-linked musl and glibc ELF binaries run unmodified; 400+ syscalls implemented and differential-tested against Linux.

Use Cases

  • OS learning platform — every subsystem fits in your head, written in safe Rust with no hidden C glue.
  • Secure ephemeral VMs — sandbox + verified boot + fast teardown via snapshot/rollback.
  • CI/CD throwaway environments — sub-2-second boot, 18 MB image, SSH ready in under 1 second.
  • Kernel and systems-programming research — modify the kernel, rebuild, boot in under 2 minutes.

Quick Start

Just want to boot it? If you only want to run a released image (not build from source), follow the download-and-run quickstart — QEMU/VirtualBox in a few commands, no toolchain needed.

# Prerequisites
apt install qemu-system-x86 ovmf sgdisk mtools e2fsprogs qemu-utils nasm python3
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup toolchain install nightly
rustup component add rust-src --toolchain nightly
rustup target add x86_64-unknown-linux-musl

# Build and boot
RELEASE=1 bash build/scripts/assemble-image.sh myos.qcow2
make qemu

Save your SSD: make tmpfs-setup redirects target/ and dist/ (the only large gitignored output trees) into /tmp/MyOS/<hash>/ so the write-heavy build cycle hits RAM. Reversible, idempotent, opt-in, no-op on CI. See docs/dev-tmpfs.md.

Interactive session

Boot in a graphical window with the kernel framebuffer terminal, and SSH in on port 2222 simultaneously:

make qemu-sdl
ssh -p 2222 -i tests/keys/test_id_ed25519 \
  -o StrictHostKeyChecking=no root@127.0.0.1

For headless and VirtualBox boot recipes, see docs/CAPABILITIES.md and specs/001-vm-optimized-os/quickstart.md.


Demo

MyOS2026 shell demo

nsh$ prompt with mybox applets, pipe chains, and standard utilities — captured via make screenshot.

Animated terminal demo

Real nsh session over SSH — uname, /proc/meminfo, /proc/cpuinfo, ps, a base64 pipe, and the colored prompt. Generated via make demo-gif.


What's Inside

A complete, self-contained OS stack — kernel, drivers, networking, filesystem, security, and a full Unix userland:

+-------------------------------------------------------+
|  User Space   init | nsh | mybox (438 applets) | mymc |
|               cloud-init | dropbear | sandbox         |
+-------------------------------------------------------+
|  Security     Per-process syscall allowlist           |
|               Real UID/GID + supplementary groups     |
|               Credential audit ring                   |
|               Verified boot (BLAKE2b → ed25519)       |
+-------------------------------------------------------+
|  System       VFS | Syscall dispatch | Pipes | IPC    |
|               PTY/devpts | AF_UNIX sockets            |
|               POSIX / OFD / FLOCK byte-range locks    |
|               Signals (SA_SIGINFO, FP/XSTATE frames)  |
|               MLFQ scheduler | Linux ELF compat       |
|               epoll(7) | poll(2) | WaitQueue<N>       |
+-------------------------------------------------------+
|  Kernel       MM (demand paging + CoW fork)           |
|               APIC/HPET | smoltcp | DHCP | ext2       |
|               procfs (100+ nodes: /net /sys per-PID)  |
|               KASAN + FASAN + DWARF panic backtraces  |
+-------------------------------------------------------+
|  Drivers      virtio-{blk,net,console,rng,input,gpu}  |
|               Framebuffer /dev/fb0 (virtio-gpu + VGA) |
|               evdev /dev/input/eventN | /dev/kbdN     |
|               PCnet | NE2000 | AHCI | IDE             |
+-------------------------------------------------------+
|  Hardware     QEMU q35 (primary) | VirtualBox         |
+-------------------------------------------------------+

For the full enumeration of subsystems, syscalls, and userland binaries, see docs/CAPABILITIES.md. The project aims to be self-hosting.

Highlights

mybox — Busybox-in-Rust (438 applets)

A multi-call binary providing 438 Unix applets via symlinks in /bin. Dispatch is purely by argv[0] basename — no runtime overhead per applet. Covers file ops, text processing, filesystem inspection, process control, system info, archives, shell utilities, networking (DNS, HTTP, nc, ping), strace, and device utilities (evdev, fbpaint, fbmode).

nsh$ /bin/grep -i root /etc/passwd
root:x:0:0:root:/root:/bin/sh
nsh$ /bin/ls -la /bin/ls
lrwxrwxrwx        10 ls -> /bin/mybox
nsh$ mybox --list | wc -l
438

Linux ELF binary compatibility

Statically-linked musl ELF binaries compiled on Linux run directly on MyOS2026 without modification:

# On a Linux host:
musl-gcc -static -o hello hello.c

# Copy to MyOS2026 and run:
nsh$ /bin/hello
Hello, World!

Full System V AMD64 ABI initial stack with correct AT_PHDR (vaddr-not-file-offset) and AT_SECURE on suid exec. All musl startup syscalls supported. Invalid accesses deliver SIGSEGV; stack overflows are caught at the guard. Dynamically-linked glibc binaries are also supported via the bundled ld-linux-x86-64.so.2. See docs/CAPABILITIES.md.

Per-process syscall sandbox

nsh$ sandbox --allow=read,write,exit /usr/bin/exploit-test
BLOCKED (errno=1)      ← mount(2) blocked by kernel allowlist

The kernel enforces a deny-by-default syscall filter per process, installed via SYS_SANDBOX_ENTER. Filters survive execve and are independent across processes.
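
The filter semantics described above (deny by default, kept across execve, separate per process) can be modelled in a few lines of user-space Rust. This is an added example, not MyOS2026 kernel code: Filter, Process, their methods and the 512-entry table size are hypothetical, and only the x86_64 Linux syscall numbers are real.

```rust
// Added illustration: user-space model of a deny-by-default syscall allowlist.
// Not MyOS2026 kernel code; Filter, Process and their methods are hypothetical.
const EPERM: i32 = 1;
// x86_64 Linux syscall numbers for the names in the sandbox example above.
const SYS_READ: usize = 0;
const SYS_WRITE: usize = 1;
const SYS_EXIT: usize = 60;
const SYS_MOUNT: usize = 165;
const MAX_NR: usize = 512; // assumed table size for this model

/// One bit per syscall number; the all-zero bitmap denies everything.
struct Filter { bits: [u64; MAX_NR / 64] }

impl Filter {
    fn deny_all() -> Self { Filter { bits: [0; MAX_NR / 64] } }
    fn allow(mut self, nr: usize) -> Self {
        if nr < MAX_NR { self.bits[nr / 64] |= 1u64 << (nr % 64); }
        self
    }
    /// Out-of-range numbers are denied, never indexed.
    fn permits(&self, nr: usize) -> bool {
        nr < MAX_NR && (self.bits[nr / 64] & (1u64 << (nr % 64))) != 0
    }
}

struct Process { image: String, filter: Option<Filter> }

impl Process {
    fn new(image: &str) -> Self { Process { image: image.to_string(), filter: None } }
    /// Models entering the sandbox: the filter attaches to this process only.
    fn sandbox_enter(&mut self, f: Filter) { self.filter = Some(f); }
    /// Models execve: the program image is replaced, the filter is kept.
    fn execve(&mut self, image: &str) { self.image = image.to_string(); }
    /// Check made at syscall dispatch; a blocked call fails with EPERM (errno=1).
    fn check(&self, nr: usize) -> Result<(), i32> {
        match &self.filter {
            Some(f) if !f.permits(nr) => Err(EPERM),
            _ => Ok(()),
        }
    }
}

fn main() {
    let mut p = Process::new("/bin/sandbox");
    p.sandbox_enter(Filter::deny_all().allow(SYS_READ).allow(SYS_WRITE).allow(SYS_EXIT));
    p.execve("/usr/bin/exploit-test");
    println!("{}: write={:?} mount={:?}", p.image, p.check(SYS_WRITE), p.check(SYS_MOUNT));
}
```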

Framebuffer and evdev input

A memory-mapped /dev/fb0 device backed by virtio-gpu or Standard VGA — userspace can paint directly via mmap(2) with no kernel involvement per pixel, resize the display with FBIOPUT_FB0_GEOMETRY, and flush damage rectangles with FBIO_FLUSH_FB0. virtio-keyboard and virtio-tablet devices each appear as a standard Linux evdev character device under /dev/input/eventN delivering 24-byte struct input_event records, with POLLIN/epoll readiness and the full EVIOCG* ioctl surface:

nsh$ mybox evdev --device 0 --count 5   # read 5 raw input events from event0
nsh$ mybox fbpaint                       # paint the framebuffer directly via mmap
nsh$ mybox fbmode 1280 720              # change display resolution live
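
A reader of /dev/input/eventN has to turn the byte stream into 24-byte records and reject a buffer that ends mid-record. The parser below is an added example, not MyOS2026 code; it assumes the x86_64 Linux struct input_event layout (two 64-bit timeval fields, 16-bit type, 16-bit code, 32-bit signed value, little-endian), and the sample bytes are constructed.

```rust
// Added illustration, not MyOS2026 code: decode the 24-byte input_event records
// that an evdev node returns (x86_64 Linux layout, little-endian).
const RECORD_LEN: usize = 24;
const EV_SYN: u16 = 0x00;
const EV_KEY: u16 = 0x01;

#[derive(Debug, PartialEq)]
struct InputEvent { sec: i64, usec: i64, kind: u16, code: u16, value: i32 }

/// Little-endian integer from up to 8 bytes, without unsafe casts.
fn le(b: &[u8]) -> u64 {
    b.iter().rev().fold(0u64, |acc, &x| (acc << 8) | x as u64)
}

/// Decode whole records; a trailing partial record is reported, not dropped.
fn parse_events(buf: &[u8]) -> Result<Vec<InputEvent>, String> {
    if buf.len() % RECORD_LEN != 0 {
        return Err(format!("{} bytes is not a multiple of {}", buf.len(), RECORD_LEN));
    }
    Ok(buf.chunks(RECORD_LEN).map(|r| InputEvent {
        sec: le(&r[0..8]) as i64,            // timeval.tv_sec
        usec: le(&r[8..16]) as i64,          // timeval.tv_usec
        kind: le(&r[16..18]) as u16,         // event type (EV_*)
        code: le(&r[18..20]) as u16,         // key or axis code
        value: le(&r[20..24]) as u32 as i32, // signed payload
    }).collect())
}

/// Constructed sample: KEY_A (code 30) pressed, then a SYN_REPORT.
fn sample() -> Vec<u8> {
    let mut v = Vec::new();
    for &(kind, code, value) in &[(EV_KEY, 30u16, 1i32), (EV_SYN, 0, 0)] {
        v.extend_from_slice(&5i64.to_le_bytes());       // tv_sec
        v.extend_from_slice(&250_000i64.to_le_bytes()); // tv_usec
        v.extend_from_slice(&kind.to_le_bytes());
        v.extend_from_slice(&code.to_le_bytes());
        v.extend_from_slice(&value.to_le_bytes());
    }
    v
}

fn main() {
    for ev in parse_events(&sample()).unwrap() {
        println!("{:?}", ev);
    }
}
```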

Verified boot

Every RELEASE build embeds a BLAKE2b hash chain:

UEFI → Limine (config hash enrolled) → kernel.elf (BLAKE2b verified)
     → kernel_main ([vboot] ACTIVE  pubkey: be5f7844108bcdd1)

Any binary tampering before a single kernel instruction executes causes an immediate boot abort.

Reproducible builds

Two independent builds from identical source produce byte-identical QCOW2. Achieved via SOURCE_DATE_EPOCH, pinned GPT/FAT UUIDs, and build/scripts/fix-ext2-timestamps.py.


Architecture

Design principles

Principle        Choice
Kernel type      Minimal monolithic (Rust, no_std)
Bootloader       Limine v8.x (BIOS + UEFI, single config)
Block / virtio   virtio-blk/net/console/rng/input/gpu; AHCI, IDE
NIC              virtio-net (primary); PCnet, NE2000 also supported
Graphics         virtio-gpu + Standard VGA LFB → /dev/fb0 mmap
Input            virtio-keyboard/tablet → evdev /dev/input/eventN, /dev/kbdN
Network stack    smoltcp 0.11 (pure Rust, no_std)
Filesystem       ext2 (custom pure-Rust read/write driver)
SSH              Dropbear (userspace, cross-compiled for musl)
Userland         Rust + statically linked musl
Assembly         ~170 LOC total (entry stub, ISR trampoline, context-switch)

Repository layout

kernel/          Rust kernel (no_std)
userland/        Userspace crates (musl-static): init, nsh, mybox, mymc, ...
bootloader/      Limine config + vendored binaries
build/           Makefile, image assembly scripts, CI helpers
tests/           Boot, SSH, shell, sandbox, syscall, scheduler integration tests
specs/           Per-feature specs (NNN-name/{spec,plan,tasks,quickstart}.md)
docs/            STATUS.md, CAPABILITIES.md, dev-tmpfs.md, syscall-diff.md

For the full layout, see docs/CAPABILITIES.md.


How It's Built

  • Per-feature spec-kit workflow — every feature has specs/NNN-name/{spec,plan,research,tasks}.md and a quickstart. Implementation follows tests-before-code per the project constitution.
  • CI gate on every PR — clippy (-D warnings), unit tests in parallel + sequential modes, boot integration under smp ∈ {1, 2}, SSH login, sandbox, KASAN, ABI-drift, and docs-gate (per the constituent jobs listed in docs/STATUS.md).
  • Run the pipeline locally before pushing:
    make ci-local       # ~15 min; same step order and timeouts as remote CI
  • In-kernel diagnostics: dmesg ring (/proc/dmesg), per-PID syscall trace (/proc/<pid>/trace), symbolized panic backtraces with DWARF line numbers, kassert! with PCB context, KASAN + FASAN memory-safety sanitizers.

Contributing

All changes go through a feature branch and pull request — direct commits to master are prohibited.

  1. Fork the repository.
  2. Create a feature branch: git checkout -b NNN-short-description origin/master.
  3. Read the constitution at .specify/memory/constitution.md and the existing specs in specs/.
  4. Use the spec-kit workflow: /speckit-specify, /speckit-plan, /speckit-tasks, /speckit-implement.
  5. Run make ci-local before pushing.
  6. Open a PR targeting master. Every feature PR must update Learnings.MD, CHANGELOG.md, and docs/STATUS.md (enforced by the docs-gate CI step; bypass with [no-docs] in any commit message for docs-only or infra-only PRs).

For project conventions, MANDATORY workflows, and operational guides (in-kernel dmesg + GDB, KASAN, syscall-diff harness, tmpfs build redirection), see CLAUDE.md.

Good first issues:

  • POSIX lstat() that does not follow the final symlink component
  • Dynamic ELF loader (PT_INTERP support) — enables glibc-linked binaries
  • GPG signing pipeline for release artifacts

See the issue tracker for follow-up work tagged good-first-issue and follow-up.


Lineage & Inspirations

MyOS2026 is the third generation in a personal operating-systems family built by Mohiuddin Khan Inamdar, carrying forward lessons learned across two earlier generations:

  • MyRTOS family — bare-metal real-time operating systems in C; established the interrupt model, timer substrate, scheduling fundamentals, and boot-sequencing patterns that this kernel refines in Rust.
  • MyOS-Mini family — minimal x86 OS experiments that validated the VFS layer, process model, and memory-management architecture later rewritten here with Rust's ownership model.

Inspirations from the broader OS world:

  • BSD (FreeBSD, OpenBSD, NetBSD) — process and credential model, VFS layer design, the philosophy of small auditable subsystems with clear contracts, and the importance of a rigorous manual-page ABI.
  • Linux — the x86_64 syscall ABI that MyOS2026 targets for compatibility, ELF loading conventions, /proc filesystem layout, virtio device model, and the no_std discipline shown by the kernel's C99 environment.
  • Academic kernels (xv6, Minix, L4) — clarity-over-features design discipline; every subsystem in MyOS2026 should be explainable from first principles in a single sitting.
  • Rust OS community (Redox, blog_os, Tock) — prior art on applying Rust's ownership model to kernel concurrency, no_std ecosystem crate choices, and inline-assembly idioms.

License

Mozilla Public License 2.0
