Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It's getting so very old - all I want out of a process is code autocomplete, but I have to grant it read & write permission to my entire disk and network. When do we get good permissions and sandboxing and isolation? This can't go on.


I agree granting processes permission to read any file is unsustainable.

In Linux, sandboxing with Firejail or bwrap is quite easy to configure and allows fine-grained permissions.

Also, the new Landlock LSM and LSM-eBPF are quite promising.


I build my own. Maybe I nee to externalize it...


It's exhausting because the model that underpins the whole concept is broken


Everyone got the point the last two times you posted this.


Then perhaps people should engage with the technical substance of something once in a while




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: