I’ve been thinking. Android implements app permissions on top of Linux, and Flatpak does it too. But why isn’t it part of the kernel?

Like all executable files would be sandboxed and would only be able to access syscalls and parts of the file system if they were allowed to. Making sandboxing the default instead of having to restrict programs.

I’m not a kernel developer, so this question may be naive, but it bothers my mind. I guess part of it is because of historical reasons, but are there any practical ones that make it not feasible?

EDIT: Thank you all for your answers; almost all of you were very nice and explained things clearly.

    • e0qdk@reddthat.com · 1 month ago

      There’s also cgroups and Linux namespaces – probably most popularly interacted with via Docker currently.

      • Max-P@lemmy.max-p.me · 1 month ago

        That’s also effectively what Flatpak and Snap use, and Steam’s Runtime also uses containers.

  • Max-P@lemmy.max-p.me · 1 month ago

    Mainly because it’s not the kernel’s job. It provides abstractions to access the hardware, manages memory and manages processes; it doesn’t care what userspace does, that’s userspace’s problem.

    The kernel is responsible for enforcing security policies, but not for writing them or discovering them. It doesn’t know what an “app” is, or what a permission would look like.

    It’s the userspace that assigns labels to files and SELinux policies so that the kernel is programmed to know what the boundaries are. As an example, when you log in on a Linux computer, logind ends up assigning your user access to the keyboard, mouse, display and audio and then starts your session, and that’s how you get access to those /dev nodes. If you switch users, they’re yanked away from you so the other user can use them without you snooping on it.

    Userspace uses the kernel’s features to implement the permission systems. That’s basically what Flatpak does: leverage those kernel features to sandbox the application. And it works great and is effective.

    Android also uses the Linux kernel and its features for its own sandbox and permission system too.

    Generally, the kernel provides the tools for userspace to be able to do things; that’s its purpose. For example, all the OpenGL and Vulkan stuff is in userspace, not the kernel; the kernel doesn’t know what Vulkan is and doesn’t care. It mediates access to the GPU, reserving memory on it and uploading code to it. The code comes from your GPU driver in userspace.
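  Max-P’s point above, that the kernel enforces a policy but userspace writes it, in working code. This is an added example for this thread, not Flatpak’s, Android’s or any other project’s code. It assumes Linux on x86_64 or aarch64, and everything in it (the function names, the deny-list shape, the probe syscalls) is my own choice: a userspace program decides that `mkdirat` is off limits, hands that decision to the kernel as a seccomp-bpf filter, and the kernel then returns EPERM for that syscall without ever having heard of an “app” or a “permission”.

```c
/* Added example (not from the thread): userspace writes the syscall policy,
 * the kernel enforces it via seccomp-bpf. Linux-only, x86_64 or aarch64. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

/* Build and install a filter: syscalls listed in `denied` fail with EPERM,
 * everything else is allowed. A deny-list keeps the example short; real
 * sandboxes (bwrap under Flatpak, Docker's default profile) use allow-lists. */
int install_deny_filter(const int *denied, size_t n)
{
    size_t len = 4 + 2 * n + 1;
    struct sock_filter *prog = calloc(len, sizeof *prog);
    if (!prog)
        return -1;
    size_t i = 0;
    /* 1. Kill the process if the ABI is not the one the numbers are for. */
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, arch));
    prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    /* 2. Load the syscall number; each denied number returns EPERM. */
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, nr));
    for (size_t k = 0; k < n; k++) {
        prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                 (unsigned)denied[k], 0, 1);
        prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                                 SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));
    }
    /* 3. Default: allow. */
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);

    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    int rc = 0;
    /* NO_NEW_PRIVS lets an unprivileged process install a filter and stops a
     * setuid exec from shedding it. The kernel copies the filter, so free it. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
        prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0)
        rc = -1;
    free(prog);
    return rc;
}

enum probe { PROBE_GETPID, PROBE_MKDIRAT };

/* Fork a child, apply the policy there, attempt one syscall and report the
 * errno the child saw (0 = success). -1 means the harness itself failed. */
int probe_under_policy(const int *denied, size_t n, enum probe p)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (n > 0 && install_deny_filter(denied, n) != 0)
            _exit(255);
        long rc = (p == PROBE_GETPID)
                      ? syscall(SYS_getpid)
                      /* empty path: ENOENT without a filter, never creates anything */
                      : syscall(SYS_mkdirat, AT_FDCWD, "", 0700);
        _exit(rc < 0 ? errno : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Policy denies mkdirat; child calls mkdirat -> EPERM, the filter's verdict. */
int demo_denied_syscall(void)
{
    int denied[] = { SYS_mkdirat };
    return probe_under_policy(denied, 1, PROBE_MKDIRAT);
}
/* Same policy; child calls getpid -> 0, untouched by the filter. */
int demo_unrelated_syscall(void)
{
    int denied[] = { SYS_mkdirat };
    return probe_under_policy(denied, 1, PROBE_GETPID);
}
/* No filter at all: the kernel's own ENOENT for the empty path comes through. */
int demo_no_policy(void)
{
    return probe_under_policy(NULL, 0, PROBE_MKDIRAT);
}

int main(void)
{
    printf("mkdirat under deny policy: errno %d (EPERM=%d)\n", demo_denied_syscall(), EPERM);
    printf("getpid  under deny policy: errno %d\n", demo_unrelated_syscall());
    printf("mkdirat with no policy   : errno %d (ENOENT=%d)\n", demo_no_policy(), ENOENT);
    return 0;
}
```

  The arch check at the top of the filter matters: syscall numbers differ per ABI, so a filter written for x86_64 that is applied to a process switching to the 32-bit table would be checking the wrong numbers. Flatpak and friends add namespaces (mount, PID, network) and cgroups on top of this, but the division of labour is the same throughout: the policy lives in the userspace program, the enforcement in the kernel.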

  • Pfeffy@lemmy.world · 1 month ago

    Go ahead, Champ. Build a kernel. I feel like your question is more “why doesn’t somebody else do this thing that I just thought of and don’t really understand?”

      • Pfeffy@lemmy.world · 1 month ago

        Go ahead and respond over and over to pointless bots asking stupid questions while someone pretends to be creating an engaging community. Do you honestly believe someone just created an account on an obscure platform like Lemmy to ask that question? Seriously?