|
|
|
|
|
|
by nextos
64 days ago
|
|
|
I agree granting processes permission to read any file is unsustainable. In Linux, sandboxing with Firejail or bwrap is quite easy to configure and allows fine-grained permissions. Also, the new Landlock LSM and LSM-eBPF are quite promising. |
|
|