From d94b4c18741cd081d1ef3a8ff6345034c0a6782b Mon Sep 17 00:00:00 2001 From: dzwdz Date: Sun, 19 Feb 2023 11:57:46 +0100 Subject: readme: remove stupid stuff --- readme.md | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) (limited to 'readme.md') diff --git a/readme.md b/readme.md index 9df185d..e4c4b8a 100644 --- a/readme.md +++ b/readme.md @@ -1,22 +1,7 @@ # camellia an experimental, work-in-progress, microkernel based on some of my ideas for privilege separation. -this README is shit, but it's still better than the old one - -## the ideas -### everything is a file, but really now -All resources are accessed through the filesystem, similarly to Plan 9. `/kdev/ata/0`, `/net/0.0.0.0/listen/tcp/80`, etc. -This makes it easier to reason about the privileges of a process, as they're all managed in the same way. -On Linux, `namespaces(7)` lists 8 different process namespaces - 8 separate ways to isolate each part of a process. It's easy to let something slip through. - -Compare that to `whitelist /bin/httpd:ro /var/www/:ro /net/0.0.0.0/listen/tcp/80 -- httpd`. It's immediately obvious what httpd can and can't do. - -Internally, that works somewhat like Plan 9 namespaces. `whitelist` hijacks all `open()` calls made by its children, and decides if they can pass through. -This stacks easily. Broadly speaking, processes have full control over their childrens' resource accesses. Filesystem drivers and such use that too. -This also makes them easy to sandbox: `mount /mnt/ whitelist /bin/fatfs /kdev/ata/0 -- fatfs /kdev/ata/0`. - - -## list of stolen stuff +## third party code used * `src/user/lib/elf.h` from [adachristine](https://github.com/adachristine/sophia/tree/main/api/elf) * `src/user/lib/vendor/getopt` from [skeeto](https://github.com/skeeto/getopt) * `src/user/lib/vendor/dlmalloc` from [Doug Lea](https://gee.cs.oswego.edu/dl/html/malloc.html) -- cgit v1.2.3
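Review bot: the only hunk deletes the README's entire description of the privilege-separation model (the "everything is a file" section, the `whitelist` example, and the note that `whitelist` intercepts its children's `open()` calls and that this stacks through `mount`) without replacing it, so after this change the README states nothing about how process privileges are isolated. Consider keeping a condensed form of that section rather than dropping it alongside the "this README is shit" line, for example retaining the one-line summary "All resources are accessed through the filesystem, similarly to Plan 9" and the `whitelist /bin/httpd:ro /var/www/:ro /net/0.0.0.0/listen/tcp/80 -- httpd` example, since those two lines are what lets a reader understand what a sandboxed process can and cannot reach. The rename of "list of stolen stuff" to "third party code used" is fine and matches the attributions listed below it.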