Re: /run/setuid-programs via the Shepherd?
From: Ludovic Courtès
Subject: Re: /run/setuid-programs via the Shepherd?
Date: Mon, 17 Jun 2024 14:53:22 +0200
User-agent: Gnus/5.13 (Gnus v5.13)
Hi Juliana,
Juliana Sims <juli@incana.org> writes:
> To bring this email back directly to the topic you raise, a Shepherd
> run0 is complementary to a future ocaps-ification of the broader
> process environment; they support and reinforce each
> other. Furthermore, with ocaps, the Shepherd could grow beyond run0. I
> personally think this is the direction Guix and the Shepherd should
> go.
I very much agree with the direction!
One thing that’s still unclear to me is how to get a “true” capability
system running on top of POSIX or Linux. Capsicum was one answer to
that; the Hurd is another one, where the system core is ocap but there’s a
“POSIX personality” where you get the usual POSIXy ambient authority
(and processes, and file descriptors, etc.) that allows you to run
applications that target POSIX.
I haven’t read about run0 yet, but like sudo, it’s very much built to
let you run regular POSIX/Linux applications. I suppose we could
gradually develop ocap applications that use Goblins/Shepherd-specific
interfaces with fine-grained authority. But we may need to come up with
much less fancy approaches for “legacy” (!) POSIX code.
WDYT?
Ludo’.