But managing granular permissions is hard. The common denominator with all these discussions is people want to apply the minimal amount of thinking possible.
1) can access/write local files?
2) can access/write a specific folder?
3) can access network?
4) can access gateway/internet?
5) can access local network? (vlans would help here)
6) give access to USB devices
7) needs access to the screen? -> give framebuffer access / drawing primitive
8) Need to write? Use an overlay FS that can be checked by the host and approved
9) sub processes can never escalate permissions
By default: nothing. But unfortunately, it’s always by default allow.
Also, make it simple to remove the permissions again.
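As an added example, not code from the comment above, here is one way to model the manifest it sketches: every capability off by default, revocation as a single call, and child processes restricted to a subset of the parent's grants. The capability names and the per-folder scoping are constructed assumptions.

```python
"""Default-deny permission manifest for a sandboxed process tree (constructed example)."""
from dataclasses import dataclass, field
from pathlib import PurePosixPath

# Capability names are constructed; they mirror the items in the comment's list.
CAPABILITIES = frozenset({"fs:read", "fs:write", "net:lan", "net:internet",
                          "dev:usb", "display:framebuffer"})
FILE_CAPS = {"fs:read", "fs:write"}


@dataclass
class Policy:
    caps: set = field(default_factory=set)    # by default: nothing
    paths: set = field(default_factory=set)   # folders the file caps are scoped to

    def grant(self, cap, path=None):
        if cap not in CAPABILITIES:
            raise ValueError(f"unknown capability {cap!r}")
        self.caps.add(cap)
        if path is not None:                  # item 2: a specific folder, not the whole FS
            self.paths.add(PurePosixPath(path))

    def revoke(self, cap):
        """Removing a permission is one call; folder grants go with the last file cap."""
        self.caps.discard(cap)
        if not self.caps & FILE_CAPS:
            self.paths.clear()

    def allows(self, cap, path=None):
        if cap not in self.caps:
            return False                      # default deny
        if cap not in FILE_CAPS or path is None:
            return True
        p = PurePosixPath(path)               # file caps are only valid inside granted folders
        return any(p == d or d in p.parents for d in self.paths)

    def spawn_child(self, requested):
        """Item 9: a sub-process may only inherit a subset of what the parent holds."""
        escalation = set(requested) - self.caps
        if escalation:
            raise PermissionError(f"child requested caps the parent lacks: {sorted(escalation)}")
        return Policy(set(requested), set(self.paths))
```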