Qubes beta 1 released

Posted Apr 13, 2011 21:31 UTC (Wed) by pboddie (subscriber, #50784)
In reply to: Qubes beta 1 released by epa
Parent article: Qubes beta 1 released

Wouldn't "subusers" or "hierarchical users" - stuff like pboddie.firefox being the "user" that runs Firefox - be a reasonable Unixy solution, though? In my experience of sandboxing discussions around programming languages, things quite often boil down to "we're doing this for the Windows people because, of course, you'd just run it as a different user on Unix", together with an acknowledgement that you could still be a nuisance on the network.


Qubes beta 1 released

Posted Apr 13, 2011 23:26 UTC (Wed) by skissane (subscriber, #38675)

I think Andy Valencia's VSTa operating system had a similar concept. Rather than a flat UID namespace (as POSIX provides), one can have a multi-level hierarchical namespace... 37.1.9...

I guess how it worked (never played with VSTa, so maybe I'm misunderstanding it) is that if I am a process of UID 37, I can fork a process with UID 37.x, e.g. 37.1. As UID 37 I have full owner access to all 37.1's objects and all 37.2's objects, but 37.1 doesn't have owner access to 37.2's objects or plain 37's objects.

So yeah, if I am user skissane, I could create 'subusers' like skissane.firefox, skissane.firefox.tab1, skissane.firefox.tab1.pdfreader...
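As an added illustration of the ownership rule skissane sketches above (a UID owns the objects of all its sub-UIDs, but a sub-UID owns neither its parent's nor its siblings' objects), here is a small model in Python. It is not VSTa's code and makes no claim about how VSTa actually stores UIDs; it simply treats a hierarchical UID as a dotted path and decides owner access by component-wise prefix. The object store, the `spawn_subuid` allocator and the sample object names are all constructed for the example.

```python
"""Model of hierarchical (dotted) UIDs and prefix-based owner access.

Constructed example, not VSTa's implementation. The rule modelled:
UID p has owner access to an object owned by UID q iff p is q itself
or an ancestor of q in the dotted hierarchy (37 owns 37.1's and 37.2's
objects; 37.1 owns neither 37.2's nor plain 37's).
"""
from __future__ import annotations

from dataclasses import dataclass, field


def parse_uid(uid: str) -> tuple[str, ...]:
    """Split a dotted UID ('37.1.9', 'skissane.firefox') into components.

    Matching is done per component, so '37' is not a prefix of '370'.
    Empty components ('37..1') are rejected as malformed.
    """
    parts = tuple(uid.split("."))
    if not all(parts):
        raise ValueError(f"malformed hierarchical uid: {uid!r}")
    return parts


def has_owner_access(subject: str, owner: str) -> bool:
    """True iff `subject` equals `owner` or is an ancestor of it."""
    s, o = parse_uid(subject), parse_uid(owner)
    return len(s) <= len(o) and o[: len(s)] == s


def spawn_subuid(parent: str, existing: set[str]) -> str:
    """Allocate the next free sub-UID directly under `parent`.

    Models the unprivileged case from the comment: the only input a
    process needs is its own UID, so it can only create children of
    itself, never a sibling or an ancestor.
    """
    n = 1
    while f"{parent}.{n}" in existing:
        n += 1
    child = f"{parent}.{n}"
    existing.add(child)
    return child


@dataclass
class ObjectStore:
    """Toy object table mapping object name -> owning UID."""

    owners: dict[str, str] = field(default_factory=dict)

    def create(self, name: str, owner: str) -> None:
        self.owners[name] = owner

    def can_modify(self, subject: str, name: str) -> bool:
        return has_owner_access(subject, self.owners[name])


def demo() -> dict[str, bool]:
    """Run the scenarios from the comment and return each outcome."""
    store = ObjectStore()
    # Constructed sample objects owned by the UIDs mentioned above.
    store.create("37.1-file", "37.1")
    store.create("37.2-file", "37.2")
    store.create("37-file", "37")
    store.create("pdf", "skissane.firefox.tab1.pdfreader")
    return {
        "37 -> 37.1 object": store.can_modify("37", "37.1-file"),
        "37 -> 37.2 object": store.can_modify("37", "37.2-file"),
        "37.1 -> 37.2 object": store.can_modify("37.1", "37.2-file"),
        "37.1 -> 37 object": store.can_modify("37.1", "37-file"),
        "skissane -> pdfreader object": store.can_modify("skissane", "pdf"),
        "tab1 -> pdfreader object": store.can_modify(
            "skissane.firefox.tab1", "pdf"
        ),
    }


if __name__ == "__main__":
    for scenario, allowed in demo().items():
        print(f"{scenario}: {'allowed' if allowed else 'denied'}")
```

The component-wise comparison in `parse_uid` is the one detail worth noticing: a naive string prefix test would let UID `37` claim objects of UID `370`, which is exactly the kind of confusion a real implementation of this scheme has to avoid.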

Qubes beta 1 released

Posted Apr 13, 2011 23:29 UTC (Wed) by dlang (✭ supporter ✭, #313)

With namespaces, this is a concept that applies to Linux as well.

Qubes beta 1 released

Posted Apr 14, 2011 1:29 UTC (Thu) by skissane (subscriber, #38675)

UID namespaces in Linux are only a single-level hierarchy, right? namespace.uid. My understanding was that VSTa provided a hierarchy of arbitrary depth. Also, you need special privilege to create a new namespace, right? I thought the idea with VSTa was that any process can create a sub-uid under its current uid, no special privilege required...

Qubes beta 1 released

Posted Apr 14, 2011 16:56 UTC (Thu) by elanthis (guest, #6227)

SELinux roles provide something similar, as well. Unfortunately, only if using SELinux.

I'd really, really, really like to see the core roles stuff enter the mainstream POSIX/Linux interface. Not the full domain management stuff of SELinux, but just enough to control file access and do PID checks to see which processes are running in which roles (while still allowing them to belong to a specific user).

You can _almost_ emulate roles using groups, newgrp, group passwords, and so on, except that a process can drop its groups.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.