IRC channel logs


back to list of logs

<andrzejku>hello damo22
<andrzejku>damo22, hello
<ArneBab>Hi, for the past two years I’ve been trying to hack on a translator which can guard a filesystem node and ask back via a defined channel whether to grant a program permission that tries to access it.
<ArneBab>I’m finally out of procrastination (because a deadline looms), and I’m finally building actual stuff instead of getting lost in planning, but I wanted to ask whether it actually makes sense.
<ArneBab>(as I’m doing it)
<ArneBab>What I want to do:
<ArneBab>- a translator on some node that guards a node and checks whether an accessing program has sufficient rights. If it does, let it write through.
<ArneBab>- if the program does not, write the PID, the access, and the filesystem node to /run/USER/request-permission/PERMISSION/PID
<ArneBab>- have a minimal program connected to a socket that asks yes-no questions when something is written to /run/USER/request-permission/PERMISSION/PID
<ThinkT510>sounds a little like pledge/unveil from openbsd (serenityos also uses that)
<ArneBab>that sounds close, yes. However I want to start programs with fewer permissions and ask whether to grant them at runtime if the program tries an access.
<ArneBab>I wanted to implement sound support, but realized that the first and more general point is to be able to make it seamless to only grant access at runtime.
<ArneBab>Like the access-request for the microphone in the browser, but on an OS-level and for any kind of resource.
<ArneBab>sidenote: I documented my basic hurd hacking environment:
<Gooberpatrol_66>There's a thing i saw on the hurd wiki called a powerbox that sounds similar