this post was submitted on 13 Apr 2025
25 points (90.3% liked)

I've been thinking. Android implements app permissions on top of Linux, Flatpak does it too. But why is it not part of the kernel?

Like all executable files would be sandboxed and would only be able to access syscalls and parts of the file system if they were allowed to. Making sandboxing the default instead of having to restrict programs.

I'm not a kernel developer so this question may be naive, but it bothers my mind. I guess part of it is because of historical reasons but are there any practical ones that make it not feasible?

EDIT: Thank you all for your answers, almost all of you were very nice and explained things clearly.

[–] [email protected] 29 points 1 week ago (1 children)

It exists, there's already selinux and apparmor.

[–] [email protected] 20 points 1 week ago (1 children)

There's also cgroups and Linux namespaces -- probably most popularly interacted with via Docker currently.

[–] [email protected] 13 points 1 week ago

That's also effectively what Flatpak and Snap use, and Steam's Runtime also uses containers.