IRC channel logs

<ArneBab>Hi, for the past two years I’ve been trying to hack on a translator which can guard a filesystem node and ask back via a defined channel whether to grant a program permission that tries to access it.

<ArneBab>I’m finally out of procrastination (because a deadline looms), and I’m finally building actual stuff instead of getting lost in planning, but I wanted to ask whether it actually makes sense.

<ArneBab>(as I’m doing it)

<ArneBab>What I want to do:

<ArneBab>- a translator on some node that guards a node and checks whether an accessing program has sufficient rights. If it does, let it write through.

<ArneBab>- if the program does not, write the PID, the access, and the filesystem node to /run/USER/request-permission/PERMISSION/PID

<ArneBab>- have a minimal program connected to a socket that asks yes-no questions when something is written to /run/USER/request-permission/PERMISSION/PID

<ThinkT510>sounds a little like pledge/unveil from openbsd (serenityos also uses that)

<ArneBab>that sounds close, yes. However I want to start programs with fewer permissions and ask whether to grant them at runtime if the program tries an access.

<ArneBab>I wanted to implement sound support, but realized that the first and more general point is to be able to make it seamless to only grant access at runtime.

<ArneBab>Like the access-request for the microphone in the browser, but on an OS-level and for any kind of resource.

<ArneBab>sidenote: I documented my basic hurd hacking environment: https://www.draketo.de/software/hurd-development-environment.html

<Gooberpatrol_66>There's a thing i saw on the hurd wiki called a powerbox that sounds similar

IRC channel logs

2021-12-01.log