Hacker News new | ask | show | jobs
by like_any_other 62 days ago
It's getting so very old - all I want out of a process is code autocomplete, but I have to grant it read & write permission to my entire disk and network. When do we get good permissions and sandboxing and isolation? This can't go on.
3 comments
nextos 62 days ago
I agree granting processes permission to read any file is unsustainable.

In Linux, sandboxing with Firejail or bwrap is quite easy to configure and allows fine-grained permissions.

Also, the new Landlock LSM and LSM-eBPF are quite promising.

link
boxedemp 62 days ago
I build my own. Maybe I nee to externalize it...
link
quotemstr 61 days ago
It's exhausting because the model that underpins the whole concept is broken
link
hluska 61 days ago
Everyone got the point the last two times you posted this.
link
quotemstr 59 days ago
Then perhaps people should engage with the technical substance of something once in a while
link