Its whole purpose is to silently automate some task. But what if you’re attempting to use those utilities against your real documents? (For example, a bulk metadata auto-tagging and auto-renaming utility, to get TV episodes from torrents loaded into Plex correctly.) How do you draw the line of what such a program can operate on? AFAICT, you just. You might suggest that there could be a shared sandbox for all the POSIX-like utilities to interoperate in. As well, every OS sandboxes legacy apps by default (because they’re already virtualizing them, and sandboxing something in a virtualization layer is easy). But none of those solutions really work for the “neat FOSS hack script someone wrote” workflow we’re talking about here, where you build programs from source and run them for their intentional side-effects on your system. There are tons of attempts to do what you’re talking about. Who’s to say that the user’s intent by running the program they just downloaded isn’t to, say, overwrite a system folder? (Oh, wait, that’s exactly what Homebrew does, with the user’s full intent behind it!) Especially ones run by software engineers, and especially ones run by software engineers as part of a POSIX-alike “utility bag” ecosystem.

It would have to be designed with security as the primary concern, though, unlike current container solutions. But arbitrary programs are. I imagine something like an "applications" folder where every subfolder automatically becomes an isolated "container". There is no good technical reason why modern operating systems can't work out some scheme for sandboxing arbitrary programs by default. I very much like this quote from Alan Kay: "It doesn't matter what the computer can do, if it can't be learned by billions of people."

What about people who aren't in IT? Does anyone here even care? The general attitude I see is "plebs don't need to run anything they can't get outside of an app store".

How on earth do developers hope to advance general computing forward when simply running programs isn't a solved problem? Most software engineers I know don't run docker on their home PCs. I think you can make it even better by generalizing the problem. The short answer is that if security is any type of priority for the system in question and you want to run containerized processes, you should use an OS that implements container security directly in the kernel, like FreeBSD with jails or illumos with Zones, instead of depending on getting exactly the right configuration between all the moving pieces in the Linux container stack.

This comes with its own host of issues which LXD tries to hide. LXD approaches this by adding a uid/gid translation layer, so that the uid/gid for anything within an unprivileged container will be offset by a specified value, e.g., calls with user ID 1000 in a container are made to present to the host as user ID 1000000. The cgroups interfaces don't offer much security stuff directly - they're mainly about containing groups of processes within certain resource consumption quotas, and AFAIK don't really attempt to contemplate secure isolation directly.

Linux relies on a concoction of properly-configured kernel subsystems to provide some level of isolation for containerized processes, and systems like LXD and Docker try to patch up the gaps.
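As an added illustration of the uid/gid translation layer described in the comment above (example code written for this page, not LXD's own implementation): it parses mappings in the format the Linux kernel exposes in /proc/<pid>/uid_map, translates ids in both directions, treats unmapped ids the way the kernel does (they appear as the overflow id), and checks the property the layer exists for, namely that container root is not host root. The mapping strings are constructed for the example.

```python
# Added example (not from the thread): how a uid/gid translation layer for
# unprivileged containers behaves, using the Linux /proc/<pid>/uid_map
# format, where each line is "<inside_start> <outside_start> <count>".
# The mapping strings below are constructed; a real one is read from /proc.
from typing import List, Optional, Tuple

OVERFLOW_UID = 65534  # kernel default /proc/sys/kernel/overflowuid ("nobody")

IdRange = Tuple[int, int, int]  # (inside_start, outside_start, count)


def parse_id_map(text: str) -> List[IdRange]:
    """Parse uid_map/gid_map lines into (inside_start, outside_start, count)."""
    ranges: List[IdRange] = []
    for line in text.strip().splitlines():
        inside, outside, count = (int(field) for field in line.split())
        if count <= 0:
            raise ValueError(f"invalid range length in line: {line!r}")
        ranges.append((inside, outside, count))
    return ranges


def to_host_id(ranges: List[IdRange], container_id: int) -> int:
    """Translate an id seen inside the container to the id the host sees.
    Ids outside every mapped range show up on the host as the overflow id."""
    for inside, outside, count in ranges:
        if inside <= container_id < inside + count:
            return outside + (container_id - inside)
    return OVERFLOW_UID


def to_container_id(ranges: List[IdRange], host_id: int) -> Optional[int]:
    """Reverse direction: which container id (if any) a host id belongs to."""
    for inside, outside, count in ranges:
        if outside <= host_id < outside + count:
            return inside + (host_id - outside)
    return None


def container_root_is_unprivileged(ranges: List[IdRange]) -> bool:
    """The property the translation layer provides: uid 0 inside the
    container must not be uid 0 on the host."""
    return to_host_id(ranges, 0) != 0


# Constructed: container ids 0..65535 shifted by 1000000 on the host.
UNPRIV_MAP = "0 1000000 65536\n"
# Constructed: the identity map a privileged container (or the host) has.
PRIV_MAP = "0 0 4294967295\n"

if __name__ == "__main__":
    r = parse_id_map(UNPRIV_MAP)
    print(to_host_id(r, 0), to_host_id(r, 1000), to_host_id(r, 70000))
    print(container_root_is_unprivileged(r),
          container_root_is_unprivileged(parse_id_map(PRIV_MAP)))
```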