|
|
|
|
|
|
by pi18n
4836 days ago
|
|
|
One of the most interesting things to me is that Plan 9 did per-application sandboxing before and better than the broken implementation Apple is trying to do now. When every device driver is manipulated by writing to a file, one only needs to restrict access to the file to prevent net access. And Plan 9 has a filesystem that allows you to mount over specific files for a single process which is just so much more powerful than chroot. |
|
|