Linux
The Linux kernel already has the infrastructure required for that. Heck, Android itself, including its permission system, is built atop the Linux kernel.
What's missing for that is work on userspace software and app packaging. The kernel can't automatically know what a program should and shouldn't be allowed to do.
Some of that work has happened, like moving from X11, which really wasn't designed around sandboxing, to Wayland.
But a lot of it requires making a permission system the norm and creating a system such that software is normally distributed with restricted permissions and developers develop around that. Like, I can use firejail and disallow write access to parts of the filesystem or network access to a program, but there isn't a broad system of appropriate pre-created profiles that applications are distributed with and a way to view this. We don't have a convention for an application-private space on disk and lack of access to most of the filesystem, which Android does and apps need to be written around.
IMHO, one of the largest jumps would be Valve doing this for Steam games: a lot of games are going to be amenable to being sandboxed, don't need broad access to the system, and are closed source. There are some issues there; for Windows binaries run under Proton, WINE wasn't originally written around being isolated, and the game developers writing the software are writing to a Windows API that isn't under the control of people on the Linux side of things.
I haven't poked at snaps much or their technical underpinnings, but my understanding is that the snap packages distribute apps in a sandboxed form, so that might be the closest Linux-native approach. I don't recall seeing an obvious set of permissions required a la Android package managers, though.
You looked into flatpaks?
They work using namespaces and cgroups like containers, but have a much more unified system than podman/docker
I think I've used one once or twice, but haven't delved into the system. I haven't spent time comparing snaps and flatpaks, either.
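To make the "permissions a la Android" idea from the earlier comment concrete for Flatpak, here is an added example (not code from this thread or from the Flatpak project) that reads the finish-args of a constructed flatpak-builder manifest and groups them into permission buckets, flagging grants that effectively dissolve the sandbox. The app id org.example.Game and the manifest contents are made up for the example.

```python
import json

# Constructed example manifest (not a real app), in flatpak-builder's JSON
# form; only "finish-args" matters for the summary below.
MANIFEST = json.loads("""
{
  "app-id": "org.example.Game",
  "finish-args": [
    "--share=ipc",
    "--socket=wayland",
    "--socket=pulseaudio",
    "--device=dri",
    "--share=network",
    "--filesystem=xdg-config/org.example.Game:create",
    "--filesystem=xdg-download:ro",
    "--talk-name=org.freedesktop.Notifications"
  ]
}
""")

# Grants that give the app essentially host-level reach; listed separately
# so a reviewer sees them at a glance rather than buried in the details.
BROAD = {("filesystem", "home"), ("filesystem", "host"), ("device", "all"),
         ("socket", "session-bus"), ("socket", "system-bus")}


def summarize(finish_args):
    """Group Flatpak finish-args into Android-style permission buckets."""
    perms = {"network": False, "filesystem": [], "devices": [],
             "sockets": [], "dbus": [], "broad": []}
    for arg in finish_args:
        if not arg.startswith("--") or "=" not in arg:
            continue  # flags without a value carry no grant we report on
        key, value = arg[2:].split("=", 1)
        if key == "share" and value == "network":
            perms["network"] = True
        elif key == "filesystem":
            path, _, mode = value.partition(":")  # ":ro" / ":create" suffixes
            perms["filesystem"].append((path, mode or "rw"))
        elif key == "device":
            perms["devices"].append(value)
        elif key == "socket":
            perms["sockets"].append(value)
        elif key in ("talk-name", "own-name"):
            perms["dbus"].append((key, value))
        if (key, value.partition(":")[0]) in BROAD:
            perms["broad"].append(arg)
    return perms


if __name__ == "__main__":
    print(json.dumps(summarize(MANIFEST["finish-args"]), indent=2))
```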