Re: Niche for Hurd - discussion - subhurds and subusers

[Arne Babenhauserheide]

Am Samstag 08 November 2008 12:20:33 schrieb olafBuddenhagen@gmx.net:
> > It's definitely far out, though.
>
> Not as far out as some of the other ideas discussed here... The
> necessary stuff should be quite possible to implement in a couple of
> months or even weeks I think. It requires a proxy for the proc server
> for local UIDs, and probably a filesystem proxy that enforces subuser
> permissions. Not sure what else is needed. (auth? passwd?)

-snip-

> Subusers however are quite useful in general -- in fact, we already
> discussed the possibility in a different context once. I would also use
> it as a base for running dangerous applications in a secure manner for
> example.

> I think this is actually quite a nice niche: It is a pretty obvious
> feature. Once we have it implemented, we can advertize it directly. I
> think people will see its usefulness themselfs -- no need to go hunting
> for more specific use cases...

I can already see something like a "subdo" command which provides easy access 
to common subhurd environments :) 

# Let a virus run free, but any effect vanishes once the subhurd closes 
# (this includes "effects" on network interfaces - 
# any packet sending is only faked). 
$ subdo --no-lasting-changes ./virus

Best wishes, 
Arne
-- 
-- My stuff: http://draketo.de - stories, songs, poems, programs and stuff :)
-- Infinite Hands: http://infinite-hands.draketo.de - singing a part of the 
history of free software.
-- Ein Würfel System: http://1w6.org - einfach saubere (Rollenspiel-) Regeln.

-- PGP/GnuPG: http://draketo.de/inhalt/ich/pubkey.txt

signature.asc
Description: This is a digitally signed message part.