bug#45198: 28.0.50; Sandbox mode
From: Mattias Engdegård
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Mon, 14 Dec 2020 12:12:43 +0100

> The sandboxing technologies I'm aware of are process-based (because Linux
> namespaces and kernel syscall filters are per-process), so a "start sandbox
> from here" function likely can't be implemented. The interface should rather
> be something like

If you mean that the sandbox needs to be active from the very start of the
process, I don't see why that has to be the case. It does not appear to be
necessary for macOS, OpenBSD or FreeBSD, nor for at least some of the Linux
options I'm aware of.

Perhaps I misunderstood, and there may indeed be some desirable sandboxing
methods that require from-exec sandboxing. It is often useful to allow for a
set-up period prior to activating restrictions, allowing for specific files to
be opened and so on, and it can make the sandboxing itself simpler by being
less selective.

From-exec sandboxing also precludes using simple forking (without exec) as a
cheap way to start the Emacs subprocess (if somewhat Unix-specific).
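
The set-up-then-restrict pattern discussed in this message, as an added example that is not part of the original message or of Emacs: the parent opens a file during set-up, forks without exec, and the child then restricts itself while keeping the descriptor it inherited. The restriction used here, an `RLIMIT_NOFILE` of 0, is an assumption chosen because it works across Unix systems; the thread does not name it, and `run_demo` and `restricted_child` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define READ_OK     1  /* descriptor opened during set-up still works */
#define OPEN_DENIED 2  /* new open() refused once the limit is in place */

/* Forked child: give up the ability to obtain new descriptors, then
   report what still works through the exit status. */
static int restricted_child(int fd)
{
    struct rlimit none = { 0, 0 };  /* unprivileged code cannot raise it back */
    char buf[16] = { 0 };
    int result = 0;
    if (setrlimit(RLIMIT_NOFILE, &none) != 0)
        return 0;
    if (read(fd, buf, sizeof buf - 1) == 5 && strcmp(buf, "hello") == 0)
        result |= READ_OK;
    if (open("/dev/null", O_RDONLY) == -1 && errno == EMFILE)
        result |= OPEN_DENIED;
    return result;
}

/* Set-up in the parent, then fork without exec. Returns the child's flags,
   or -1 if set-up failed. */
int run_demo(void)
{
    char path[] = "/tmp/sandbox-demo-XXXXXX";  /* constructed sample file */
    int status, fd = mkstemp(path);
    pid_t pid;
    if (fd == -1)
        return -1;
    unlink(path);
    if (write(fd, "hello", 5) != 5 || lseek(fd, 0, SEEK_SET) != 0)
        return -1;
    if ((pid = fork()) == 0)
        _exit(restricted_child(fd));
    close(fd);
    if (pid == -1 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { return run_demo() == (READ_OK | OPEN_DENIED) ? 0 : 1; }
```

The limit applies only to the child, so the parent keeps its full access after the fork.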