
Containers woven in to foundations #260

Closed
paul-hammant opened this issue Mar 26, 2021 · 1 comment

Comments


paul-hammant commented Mar 26, 2021

Not docker-style virtualization, more something built into the VPASM. From: https://paulhammant.com/2016/12/14/principles-of-containment/

  • implicit sandboxing at each container/contained boundary
  • should be nestable and each contained item be further restricted without knowledge of its nesting depth.
  • implementation hiding should be possible (classpath concept)

J2SE had hundreds of permissions that were fine grained. Cos of classloader trees and security manager, permissions could be specified at each node.

Core permissions

  • can/can't read or write to places within the local file system
  • can/can't initiate client HTTP/s requests (further constrained to domains/ports maybe)
  • can/can't listen on a socket, and accept requests from (localhost, domains, all, etc etc)
  • can/can't spawn processes or threads
  • is/isn't constrained for CPU or RAM (J2SE doesn't implement this one)

Secondary permissions

  • can use desktop
  • can see other apps on desktop

Needs an elegant grammar accessible from the terminal:

contain --allowWeb *all --allowFileIO ~/myTemp01/ --allowDesktop 
    --sha256 8ee57a04a6f248dc361f32ae69c5494b6894c2754982a24c43d85785216656f7 
    component = https://apps.chrysalisp.org/amortization.lisp 

or:

abc = container --allowWeb *all --allowFileIO ~/myTemp01/ --allowDesktop 
abc add --sha256 8ee57a04a6f248dc361f32ae69c5494b6894c2754982a24c43d85785216656f7 
    component = https://apps.chrysalisp.org/amortization.lisp 

or:

abc = container --allowWeb *all --allowFileIO ~/myTemp01/ 
abc add --sha256 8ee57a04a6f248dc361f32ae69c5494b6894c2754982a24c43d85785216656f7 
    component = https://apps.chrysalisp.org/amortization.lisp # can't ordinarily see component in 'def' below
def = abc add container --allowDesktop 
def add --sha256 5d0a5ae55f2f3e0dfe18955114b4e48a793c2b7545b125934ee4446be0437be6 
    component = https://apps.chrysalisp.org/amortization_ui.lisp # can use components from abc

Note, Inversion of Control (rooted in the 90's) applies: component assembly, configuration and lifecycle (in containers; container is a specialization of component)


Separately, virtualization style containers needed too. LXC, etc. Docker can exist within that. Later. Link to issue: Nnnn
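As an added illustration (not code from this issue or from ChrysaLisp), here is a small Python model of the nestable containers sketched above: a child's grants are whatever it asks for intersected with its parent's grants, so nesting can only restrict (assuming the "further restricted" rule is strict, which means the inner container in the third scenario only gets the desktop if its parent also allows it), a component is admitted only when its bytes match the pinned `--sha256`, and components are visible downward but not upward or sideways. The `Container` class, the `sha256_hex` helper, the exact-host and path-prefix matching rules, and the sample Lisp bytes are all assumptions.

```python
import hashlib
ALL = frozenset({"*all"})  # the "*all" wildcard in the proposed grammar

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def _narrow(requested, parent, within):
    """Effective grants: only requested grants that lie within a parent grant."""
    if parent == ALL:
        return set(requested)
    if requested == ALL:
        return set(parent)
    return {r for r in requested if any(within(r, p) for p in parent)}

class Container:  # hypothetical model of `container --allowWeb ... --allowFileIO ... --allowDesktop`
    def __init__(self, parent=None, web=(), file_io=(), desktop=False):
        self.parent = parent
        # Implicit sandboxing at the boundary: a child never widens its parent,
        # and it need not know how deeply it is nested.
        p_web = parent.web if parent else ALL
        p_file = parent.file_io if parent else ALL
        p_desk = parent.desktop if parent else True
        self.web = _narrow(set(web), p_web, lambda r, p: r == p)  # exact host match
        self.file_io = _narrow(set(file_io), p_file, lambda r, p: r.startswith(p))  # path prefix
        self.desktop = bool(desktop) and p_desk
        self.components = {}

    def add(self, name, source, sha256):
        """Admit a component only if its bytes match the pinned --sha256."""
        digest = sha256_hex(source)
        if digest != sha256:
            raise ValueError(f"{name}: sha256 mismatch, refusing to load")
        self.components[name] = source
        return digest

    def lookup(self, name):
        """Own components plus those of enclosing containers; siblings and children stay hidden."""
        c = self
        while c is not None:
            if name in c.components:
                return c.components[name]
            c = c.parent
        return None

    def can_fetch(self, host):
        return self.web == ALL or host in self.web

    def can_write(self, path):
        return self.file_io == ALL or any(path.startswith(p) for p in self.file_io)
```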

@paul-hammant (Author)

An interesting read generally https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html ... but search for "Java permission system" in page too.

@vygr closed this as not planned on Apr 26, 2024