qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/
<ehmry> zgrep: hyperfekt: i think genode is less about standardizing an API or methods of permissions and more about allowing policies to be better distributed and localized
<ehmry> the key is not having global ACLs
<zgrep> Ah, interesting... though I would guess that it does this by enforcing a particular method with which such policies/permissions to be defined?
<ehmry> zgrep: yes, at a kind of generic and abstract level :)
<ehmry> but for example, enforcing file-system permissions is done by effectively using `chroot` or disabling all write permissions, which doesn't seem very fined grained but is simple to implement and understand
<ehmry> and if you wanted to implement a shim that injected something like users or group, that is possible but the burden is on you to do it properly
<zgrep> I'd assume the easiest way to shim user/group-style things would be to have each user have their own chroot-style thing, and designate special shared folders for shared things. At least for filesystems.
<zgrep> Oh, okay. I was thinking more in terms of access to things, such as a slice of memory or disk, or access to send TCP packets, and wasn't thinking about awkward fine-grained slicing of user or group permissions.
<zgrep> (Though that's not the exact same thing, it's probably close enough.)
<zgrep> Maybe I should be asking this in #genode as opposed to here.
<zgrep> ehmry: Hm. But at what... "levels" are the lines drawn? At what point do you decide that something gets a unique API? From my (incomplete if not incorrect) understanding, there's an overarching components+isolation+inter-component-communication concept that everything is based off of, and then there's more application-specific API's (built atop the general and abstract one) for filesystem access, and VM setup, and window management,
<zgrep> etc.
<ehmry> zgrep: there are a few interfaces defined for stuff like block devices, FS, ethernet and windowing, but they are all quite simple
<ehmry> and if you want to enforce polices at the level of IP or TCP ports then you have to use the router component
<ehmry> and yes, there is also #genode
<ehmry> also, https://git.sr.ht/~ehmry/genodepkgs, which is some alpha nix+genode stuff
leah2 has quit [Ping timeout: 246 seconds]
leah2 has joined #spectrum
cole-h has quit [Quit: Goodbye]
nicoo has quit [Remote host closed the connection]
lzmartinico has quit [Ping timeout: 240 seconds]
lzmartinico has joined #spectrum
nicoo has joined #spectrum
<IdleBot_85f8451c> Re: standartise on a single API — I think we have already seen how well it goes with init, and here we have a much better justification for a mission creep. So no.
<hyperfekt> i'm not even going to engage with that
<ehmry> well we've also seen how well its gone with POSIX
<ehmry> now the hip new standard is KVM
tazjin has quit [Ping timeout: 265 seconds]
chriscoffee has quit [Read error: Connection reset by peer]
chriscoffee has joined #spectrum
tazjin has joined #spectrum
amanjeev- is now known as amanjeev
amanjeev is now known as amanjeev-
leah2 has quit [Ping timeout: 272 seconds]
leah2 has joined #spectrum
multi has quit [Quit: bye]
multi has joined #spectrum
multi has joined #spectrum
multi has quit [Changing host]
leah2 has quit [Ping timeout: 256 seconds]
leah2 has joined #spectrum
cole-h has joined #spectrum
ashkitten has quit [Quit: WeeChat 2.8]
ashkitten has joined #spectrum
<pie_> not strictly related, but excellent talk https://invidio.us/watch?v=fdO4VN1IDI0 , or essay (i havent read the essay yet) https://blog.troutwine.us/2017/02/10/build-good-software/
multi has joined #spectrum
multi has joined #spectrum
multi has quit [Changing host]