We need hierarchical identities, dynamically created user sub-accounts that only exist at run time, used for processes and process groups (in case some task needs sub-sub-processes or multiple processes in parallel, for example one to render content and run JavaScript, and the other to decode a media stream; they might even have completely different process and I/O priorities) and as a mark at each directory the sub-account may access.
I don't know, so it's just my impression, but I think this is the direction Linus T.&C would all like to go with the > 6.15 kernels to give a new strong "development reference" (1) on the userspace side to applications that are otherwise increasingly vulnerable.
Kind of: "I add strong kernel-side support and provide several userspace-side application examples; now follow them to rewrite more sensitive applications!"
Excellent, just ...
... if it works for GNU/Linux ... it will take a while to become a "towing" directive for other kernels too?
Especially for Haiku/OS which is very promising but is far behind ...
And I would like to be FreeBSD, OpenBSD and then macOS? Will they follow?
