9front - general discussion about 9front
From: Jacob Moody <moody@mail.posixcafe.org>
To: 9front@9front.org
Subject: Re: [9front] [PATCH] private /srv attach option
Date: Tue, 31 May 2022 10:04:50 -0600
Message-ID: <fa5b5eb1-bf4e-ba56-6922-1f3bca25824e@posixcafe.org>
In-Reply-To: <475b654b-641e-6f08-c5bc-bcf6aab4f51a@posixcafe.org>

On 5/31/22 09:09, Jacob Moody wrote:
> I explicitly do not want chdev to proliferate to every program on the system like OpenBSD's pledge. It is designed to be used at the very edge

To clarify, I don't think this is something we should absolutely avoid. I just don't want to feel like we need to touch every program on the system.
But I have put in some thought to how we would go about this if we wanted to more closely emulate it:

* chdev could grow a -c flag for setting permissions of its child.
	Child would be defined as the direct RFCNAMEG namespace descendant. Default
	would be to inherit the parent's unless it has been explicitly set otherwise.
	This allows a child to have more capabilities than the parent.

* /dev/drivers could be moved to its own driver
	This would make it a bit nicer for removing the ability to further modify
	the set of capabilities of its child. It being bundled in the devcons
	kind of muddies this.


Some more food for thought.

Thanks,
moody

Thread overview: 11+ messages
2022-05-30 11:50 Jacob Moody
2022-05-30 14:44 ` ori
2022-05-30 17:26   ` Jacob Moody
2022-05-30 20:04     ` ori
2022-05-31  7:03       ` hiro
2022-05-31 15:09         ` Jacob Moody
2022-05-31 16:04           ` Jacob Moody [this message]
2022-06-08 14:48             ` Jacob Moody
2022-06-22 15:22               ` cinap_lenrek
2022-05-30 14:56 ` ori
2022-07-10 21:47 ` ori
