From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 17 Jul 2024 16:12:12 -0400
Subject: Re: [developer] A couple of kernel questions
To: developer@lists.illumos.org, udo.grabowski@kit.edu
References: <48-6697c700-1d7-71122080@11933559> <906458fe-725c-9fa6-bf86-8b9ca1d62933@kit.edu>
From: Lonnie Cumberland
In-Reply-To: <906458fe-725c-9fa6-bf86-8b9ca1d62933@kit.edu>

Yea, I thought about ACLs and RBAC approaches but think that a property-graph database could possibly offer much more potential still. I could, of course, be wrong on this, but I think that it is a very interesting possibility maybe worth experimenting with and investigating further as a thought.

Also, I think that a hierarchal tree-based filesystem allows for too many attack vectors for bad actors who can gain access up and down the tree looking and mostly eventually finding weak spots to assault and gain access. A PGDb approach seems like it would not expose neighbor nodes (i.e. application libraries and others) and would be perfectly in-line with application/data sandboxing ideas while allowing much more control with a finer-grained approach, just as a rough thought.

Thanks again,
Lonnie

On 7/17/2024 10:06 AM, Udo Grabowski (IMK) wrote:
> On 17/07/2024 15:28, Lonnie via illumos-developer wrote:
>> ....
>> 2. Another crazy thought that I had was about the possibility of
>> investigating what it might take to (fork illumos for an experiment)
>> and try to remove the dependencies on a hierarchal tree-based
>> filesystem and to implement a type of "Property-Graph Database
>> (PGDb)" filesystem. The rationale here is that a hierarchal
>> tree-based filesystem can easily be represented as well but that a
>> PGDb filesystem also allows for assigning new types of attributes to
>> files, blocks, objects, users, etc. and thus allowing for granular
>> security on users at the application level. Users can be
>> allowed/disallowed to see/access application/files/block/objects and
>> only authorized applications are "mapped" to a particular user.
>>
>
> That's mostly ACLs and RBAC/Projects. Already there...
>
>
> ------------------------------------------
> illumos: illumos-developer
> Permalink:
> https://illumos.topicbox.com/groups/developer/Tf2a2de95f2063204-M80e6a50f391c7bb694aa2500
> Delivery options:
> https://illumos.topicbox.com/groups/developer/subscription