
Containers woven in to foundations

Open: paul-hammant opened this issue 3 years ago, 1 comment

Not docker-style virtualization, more something built into the VPASM. From: https://paulhammant.com/2016/12/14/principles-of-containment/

  • implicit sandboxing at each container/contained boundary
  • should be nestable and each contained item be further restricted without knowledge of its nesting depth.
  • implementation hiding should be possible (classpath concept)

J2SE had hundreds of permissions that were fine-grained. Cos of classloader trees and security manager, permissions could be specified at each node.

Core permissions

  • can/can't read or write to places within the local file system
  • can/can't initiate client HTTP/s requests (further constrained to domains/ports maybe)
  • can/can't listen on a socket, and accept requests from (localhost, domains, all, etc etc)
  • can/can't spawn processes or threads
  • is/isn't constrained for CPU or RAM (J2SE doesn't implement this one)

Secondary permissions

  • can use desktop
  • can see other apps on desktop

Needs an elegant grammar accessible from the terminal:

contain --allowWeb *all --allowFileIO ~/myTemp01/ --allowDesktop 
    --sha256 8ee57a04a6f248dc361f32ae69c5494b6894c2754982a24c43d85785216656f7 
    component = https://apps.chrysalisp.org/amortization.lisp 

or:

abc = container --allowWeb *all --allowFileIO ~/myTemp01/ --allowDesktop 
abc add --sha256 8ee57a04a6f248dc361f32ae69c5494b6894c2754982a24c43d85785216656f7 
    component = https://apps.chrysalisp.org/amortization.lisp 

or:

abc = container --allowWeb *all --allowFileIO ~/myTemp01/ 
abc add --sha256 8ee57a04a6f248dc361f32ae69c5494b6894c2754982a24c43d85785216656f7 
    component = https://apps.chrysalisp.org/amortization.lisp # can't ordinarily see component in 'def' below
def = abc add container --allowDesktop 
def add --sha256 5d0a5ae55f2f3e0dfe18955114b4e48a793c2b7545b125934ee4446be0437be6 
    component = https://apps.chrysalisp.org/amortization_ui.lisp # can use components from abc

Note, Inversion of Control (rooted in the 90's) applies: component assembly, configuration and lifecycle (in containers; container is a specialization of component)

Separately, virtualization style containers needed too. LXC, etc. Docker can exist within that. Later. Link to issue: Nnnn

paul-hammant, Mar 26 '21 17:03
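As an added illustration, not code from this issue or from ChrysaLisp, here is a Python sketch of the three principles in the post: nested containers whose grants are intersected with the parent's (my assumed reading of "further restricted"), classpath-style hiding so the outer abc cannot see def's components while def can use abc's, and a pinned sha256 checked before a component is admitted. Container, path and component names are constructed.

```python
import hashlib

class Container:
    """Nestable sandbox: a child's grants are intersected with its parent's."""
    def __init__(self, parent=None, web=(), file_io=(), desktop=False):
        self.parent = parent
        self.components = {}  # name -> source; invisible to outer containers
        web, file_io = frozenset(web), frozenset(file_io)
        if parent is None:
            self.web, self.file_io, self.desktop = web, file_io, desktop
        else:
            self.web = web if "*all" in parent.web else web & parent.web
            # a path grant survives only if it lies inside some parent grant
            self.file_io = frozenset(p for p in file_io
                                     if any(p.startswith(q) for q in parent.file_io))
            self.desktop = desktop and parent.desktop

    def add(self, name, source, sha256):
        """Admit a component only if its digest matches the pinned --sha256."""
        if hashlib.sha256(source).hexdigest() != sha256:
            return False
        self.components[name] = source
        return True

    def lookup(self, name):
        """Search this container, then its ancestors; children stay hidden."""
        c = self
        while c is not None:
            if name in c.components:
                return c.components[name]
            c = c.parent
        return None

    def can_read(self, path):
        return any(path.startswith(p) for p in self.file_io)

    def can_fetch(self, host):
        return "*all" in self.web or host in self.web

# Constructed sample components, not real ChrysaLisp sources.
AMORT = b"(defun amortization (p r n) ...)"
AMORT_UI = b"(defun amortization-ui () ...)"
AMORT_SHA = hashlib.sha256(AMORT).hexdigest()

def demo():
    abc = Container(web={"*all"}, file_io={"/home/me/myTemp01/"})
    abc.add("amortization", AMORT, AMORT_SHA)
    # nested 'def' asks for /etc and desktop but keeps only what abc already allows
    d = Container(abc, web={"apps.example"}, file_io={"/etc/", "/home/me/myTemp01/out/"}, desktop=True)
    d.add("amortization_ui", AMORT_UI, hashlib.sha256(AMORT_UI).hexdigest())
    return abc, d
```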

An interesting read generally https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html ... but search for "Java permission system" in page too.

paul-hammant, May 10 '21 12:05