[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Niche for Hurd - discussion - subhurds and subusers
From: |
Arne Babenhauserheide |
Subject: |
Re: Niche for Hurd - discussion - subhurds and subusers |
Date: |
Wed, 12 Nov 2008 19:52:15 +0100 |
User-agent: |
KMail/1.10.3 (Linux/2.6.25-gentoo-r7; KDE/4.1.3; x86_64; ; ) |
Am Samstag 08 November 2008 12:20:33 schrieb olafBuddenhagen@gmx.net:
> > It's definitely far out, though.
>
> Not as far out as some of the other ideas discussed here... The
> necessary stuff should be quite possible to implement in a couple of
> months or even weeks I think. It requires a proxy for the proc server
> for local UIDs, and probably a filesystem proxy that enforces subuser
> permissions. Not sure what else is needed. (auth? passwd?)
-snip-
> Subusers however are quite useful in general -- in fact, we already
> discussed the possibility in a different context once. I would also use
> it as a base for running dangerous applications in a secure manner for
> example.
> I think this is actually quite a nice niche: It is a pretty obvious
> feature. Once we have it implemented, we can advertize it directly. I
> think people will see its usefulness themselfs -- no need to go hunting
> for more specific use cases...
I can already see something like a "subdo" command which provides easy access
to common subhurd environments :)
# Let a virus run free, but any effect vanishes once the subhurd closes
# (this includes "effects" on network interfaces -
# any packet sending is only faked).
$ subdo --no-lasting-changes ./virus
Best wishes,
Arne
--
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the
history of free software.
-- Ein Würfel System: http://1w6.org - einfach saubere (Rollenspiel-) Regeln.
-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt
signature.asc
Description: This is a digitally signed message part.