From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, NICE_REPLY_A,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 23181 invoked from network); 29 May 2022 01:03:49 -0000 Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 29 May 2022 01:03:49 -0000 Received: from mail.posixcafe.org ([45.76.19.58]) by 9front; Sat May 28 21:01:03 -0400 2022 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=posixcafe.org; s=20200506; t=1653786059; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gc7wRJA+7dqi72tIb3RVEDV1R1PgdSf9y5ljxViy2Zs=; b=hSoi4g4t51A1LRPeizoGEv9xQ0TkzVBdCDnRWbP+URlnT9e7TB0eKN4vFugS0VMHEpwZuf khFXuzvb3bFo9jP82m2peOy8aHRwP7MB57JBt0hyLWnfbzh/ZoYyNOvA2s1db4QtzPx6c4 WAtS3FsjjWUiguh0vZoR9RpdT2BjsSk= Received: from [192.168.168.200] (161-97-228-135.lpcnextlight.net [161.97.228.135]) by mail.posixcafe.org (OpenSMTPD) with ESMTPSA id bc63f76d (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <9front@9front.org>; Sat, 28 May 2022 20:00:59 -0500 (CDT) Message-ID: <696b6b02-135b-f5ba-6903-0a28b3e1b080@posixcafe.org> Date: Sat, 28 May 2022 19:00:39 -0600 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.1 Content-Language: en-US To: 9front@9front.org References: <3e08a1f8-205c-dfbd-0d37-39503d9c363f@posixcafe.org> <77932a1a-62f8-d7e2-e98b-8da5cea46285@fjrhome.net> From: Jacob Moody In-Reply-To: <77932a1a-62f8-d7e2-e98b-8da5cea46285@fjrhome.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: property deep-learning WEB2.0 over SOAP self-signing module Subject: Re: [9front] git: use new /dev/drivers for privdrop Reply-To: 9front@9front.org Precedence: bulk On 5/28/22 18:23, Frank D. Engel, Jr. wrote: > > People trying the OS through the type of sandbox test system being > proposed wouldn't really be able to do anything to test the system if > they cannot create new processes, but allowing that to go on unchecked > (without limits) could impact other users. > > I tend to agree that if this is a use case to be considered, a quota of > some kind would be in order. I dont think this use case is worth perusing. The concept of what constitutes misuse of a resource is vague and dependent on hardware. Like I mentioned, I think trying to make the promise that a process with access to a resource won't misuse it is error prone. > > This would also eliminate the need for the somewhat questionable idea of > using a "fake" device to serve as a process security mechanism for the > fork call, as one could simply set a quota of zero. > > We are in plan9, a very large chunk of a processes capabilities are accomplished through access to files. We have a system for mutating a processes view of files through namespaces. Devip is also a "fake" device, yet access to that is tied to the processes ability to talk on the network. It seems consistent with the theme of the system to describe capabilities as the set of files a process has access to. If anything the fact that the fork call is a capability that is not influenced by the namespace makes it the odd one out. Thanks, moody