Hi Juliana,

Juliana Sims <j...@incana.org> writes:
> To bring this email back directly to the topic you raise, a Shepherd
> run0 is complementary to a future ocaps-ification of the broader
> process environment; they support and reinforce each
> other. Furthermore, with ocaps, the Shepherd could grow beyond run0. I
> personally think this is the direction Guix and the Shepherd should
> go.

I very much agree with the direction!

One thing that’s still unclear to me is how to get a “true” capability system running on top of POSIX or Linux. Capsicum was one answer to that; the Hurd is another one, where the system core is ocap but there’s a “POSIX personality” where you get the usual POSIXy ambient authority (and processes, and file descriptors, etc.) that allows you to run applications that target POSIX.

I haven’t read about run0 yet, but like sudo, it’s very much built to let you run regular POSIX/Linux applications.

I suppose we could gradually develop ocap applications that use Goblins/Shepherd-specific interfaces with fine-grain authority. But we may need to come up with much less fancy approaches for “legacy” (!) POSIX code.

WDYT?

Ludo’.