kernel sandboxing / namespace capabilities
Created by: toxik-io
I'm curious about the state of isolating permissions within Redox. Do we have the capabilities to do so?
Here's a post on Elementary's blog.
It would be nice to have isolating behaviors such as:
- setting a process's resources depending on its id (network access, which processes it can communicate with, the filesystem it can see)
- managing an executable or process's access rights (similar to how apparmor, SELinux, et al handle things, but with hopefully more consideration to the microkernel approach)
- give processes arbitrary namespaces
- set the permissions of those namespaces & plug them into different services based on their namespace
- determine the access rights of the process
- link this to an executable / username approach
I know @ticki is going to write more about that, but I figured putting this on the public issue record would be a good idea.
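The following is an added illustration, not code from the issue author or from the Redox kernel: a small Rust model of the scheme-namespace isolation the list above asks for. A namespace maps scheme names (`file`, `tcp`, ...) to the rights a process in that namespace holds; a process inherits its parent's namespace, can only create or enter a namespace that is a subset of its current one, and resolves every `scheme:path` URL through its own namespace, so a scheme outside it is simply not visible. The `Kernel`, `mkns`, `setns`, and `Access` names and the read/write flags are assumptions made for this model and do not describe Redox's real syscall interface.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// Rights a namespace may grant on a scheme (assumed flags for this model).
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Access {
    Read,
    Write,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Error {
    NoSuchProcess,
    NoSuchNamespace,
    BadUrl,
    /// Scheme not mapped in the caller's namespace: it does not exist for it.
    NotVisible,
    /// Scheme is visible, but this access is not granted.
    Denied,
}

/// A namespace: which schemes a process can see and with which rights.
#[derive(Clone, Debug, Default)]
pub struct Namespace {
    schemes: BTreeMap<String, BTreeSet<Access>>,
}

impl Namespace {
    pub fn grant(mut self, scheme: &str, rights: &[Access]) -> Self {
        self.schemes.entry(scheme.to_string()).or_default().extend(rights.iter().copied());
        self
    }

    /// True if every (scheme, right) in `other` is also granted here.
    fn contains(&self, other: &Namespace) -> bool {
        other.schemes.iter().all(|(scheme, rights)| {
            self.schemes.get(scheme).map_or(false, |mine| rights.is_subset(mine))
        })
    }
}

/// Kernel-side tables: the namespace table and each pid's index into it.
pub struct Kernel {
    namespaces: Vec<Namespace>,
    procs: BTreeMap<u32, usize>,
}

impl Kernel {
    /// Boot with a root namespace (index 0) holding pid 1.
    pub fn new(root: Namespace) -> Self {
        let mut procs = BTreeMap::new();
        procs.insert(1, 0);
        Kernel { namespaces: vec![root], procs }
    }

    /// A child inherits the parent's namespace, so a sandbox applied before
    /// spawning is inherited by the whole subtree.
    pub fn spawn(&mut self, parent: u32, child: u32) -> Result<(), Error> {
        let ns = *self.procs.get(&parent).ok_or(Error::NoSuchProcess)?;
        self.procs.insert(child, ns);
        Ok(())
    }

    /// Create a namespace that is a subset of the caller's: rights can only
    /// be dropped, never minted.
    pub fn mkns(&mut self, pid: u32, wanted: Namespace) -> Result<usize, Error> {
        let current = *self.procs.get(&pid).ok_or(Error::NoSuchProcess)?;
        if !self.namespaces[current].contains(&wanted) {
            return Err(Error::Denied);
        }
        self.namespaces.push(wanted);
        Ok(self.namespaces.len() - 1)
    }

    /// Move `pid` into namespace `ns`, again only if it is a subset.
    pub fn setns(&mut self, pid: u32, ns: usize) -> Result<(), Error> {
        let current = *self.procs.get(&pid).ok_or(Error::NoSuchProcess)?;
        let target = self.namespaces.get(ns).ok_or(Error::NoSuchNamespace)?;
        if !self.namespaces[current].contains(target) {
            return Err(Error::Denied);
        }
        self.procs.insert(pid, ns);
        Ok(())
    }

    /// Resolve a `scheme:path` URL through the caller's namespace.
    pub fn open(&self, pid: u32, url: &str, access: Access) -> Result<(), Error> {
        let ns = *self.procs.get(&pid).ok_or(Error::NoSuchProcess)?;
        let (scheme, _path) = url.split_once(':').ok_or(Error::BadUrl)?;
        let rights = self.namespaces[ns].schemes.get(scheme).ok_or(Error::NotVisible)?;
        if rights.contains(&access) { Ok(()) } else { Err(Error::Denied) }
    }
}

/// Constructed scenario: init (pid 1) sandboxes pid 2 to read-only `file:`;
/// pid 3, spawned by pid 2, inherits that and cannot widen it.
pub fn demo() -> Vec<Result<(), Error>> {
    let root = Namespace::default()
        .grant("file", &[Access::Read, Access::Write])
        .grant("tcp", &[Access::Read, Access::Write]);
    let mut k = Kernel::new(root);
    k.spawn(1, 2).unwrap();
    let ns = k.mkns(2, Namespace::default().grant("file", &[Access::Read])).unwrap();
    k.setns(2, ns).unwrap();
    k.spawn(2, 3).unwrap();
    vec![
        k.open(1, "tcp:example.org/80", Access::Write),  // root still sees tcp
        k.open(2, "file:/etc/hostname", Access::Read),   // granted
        k.open(2, "file:/etc/hostname", Access::Write),  // Denied
        k.open(2, "tcp:example.org/80", Access::Read),   // NotVisible
        k.open(3, "tcp:example.org/80", Access::Read),   // NotVisible (inherited)
        k.mkns(3, Namespace::default().grant("tcp", &[Access::Read])).map(|_| ()), // Denied
    ]
}

fn main() {
    for r in demo() {
        println!("{:?}", r);
    }
}
```

The subset check in `mkns` and `setns` is the part that matters for security: without it a sandboxed process could build a namespace containing `tcp` and re-enter it, and the whole scheme would only ever be as strong as the process's good will.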