this post was submitted on 13 Apr 2025
26 points (90.6% liked)

Linux

9846 readers
23 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world
26
Why don't we build a kernel with "app" permissions? (jlai.lu)
submitted 1 week ago* (last edited 6 days ago) by nasteva@jlai.lu to c/linux@lemmy.world
18 comments fedilink hide all child comments
 

I've been thinking. Android implements app permissions on top of Linux, Flatpak does it too. But why is it it's not part of the kernel?

Like all executable files would be sandboxed and would only be able to access syscalls and parts of the file system if they were allowed to. Making sandboxing the default instead of having to restrict programs.

I'm not a kernel developper so this question may be naive, but it bothers my mind. I guess part of it is because of historical reasons but are there any practical ones that make it not feasable?

EDIT : Thank you all for your answers, almost all of you were very nice and explained things clearly

you are viewing a single comment's thread
view the rest of the comments
[–] Max_P@lemmy.max-p.me 6 points 1 week ago

A system where everything is sandboxed by default exists too, you do that with a rule that denies everything that's not explicitly labeled for being allowed.

Only your package manager knows, at install time, how to label an application such that it only have access to the stuff it needs access to. That information have to come from somewhere.

Security is inherently a compromise. You've always been able to mount /home noexec so users can't execute non-approved stuff. But then Steam doesn't work, none of the games work because that makes them all foreign executables you're not allowed to execute. Steam has Flatpak-specific code to make it work with the nested sandbox.

It's up to the distros to make those choices for the desired user experience. Most regular distros are a bit old fashioned and leaves a lot of freedom to the user. And you can have a distro for workstations at offices where you really cannot run anything but company software, for security. Or a distro like Steam OS so regular users can't really break it.