> The underlying assumption of motivation for this discussion is that
> jailing (or whatever we want to call it) is somehow a good thing.
> Given that every CPU we care about comes with virtualization
> hardware, I just can't see the point of jails -- seems like an idea
> whose time has gone, kind of like 8086 segments.
I don't see how virtualization hardware solves "the applet problem", or least privilege in general. While you want un-trusted or semi-trusted code to be walled off from *most* of your stuff, you want it to access *some* of your stuff, such as part of your screen. If you run it on a virtual-other machine, you still need a way to specify which of your stuff you want exported to that other machine. Java has a way of doing that, which is nice and complicated.

It seems as if considering all resources to be files and sticking different subsets of them into different namespaces might be less painful.

This isn't an emergency for anybody running Plan 9, nor, apparently, anybody else, since most OS's are pretty coarse-grained about privileges, but it might be worth thinking about.

Dave Eckhardt