RFC: new namespae based security extension

Enrico Weigelt, metux IT consult info at metux.net
Wed Mar 12 12:36:46 UTC 2025


On 11.03.25 19:46, Alan Coopersmith wrote:

Hi,

> This sounds partially similar to the Trusted Solaris extension, which in
> Solaris 10 and later relied on Solaris zones for the client isolation for
> each "label", and returned fake success messages to reduce the breakage on
> client applications (which I believe dates back to the original
> "Less Insecure X" paper/prototype).

a little bit similar. But XNS is more flexible, not tied to particular
user or zone/container management scheme, and of course network
transparent.

Right now (within this PoC), the client->namespace association is based
on auth token. Should IMHO be enough for surrounding infrastructure
doing the provisioning depending on actual use case (a mobile device
might have very different requirements than an industrial control
station)

> I believe Glenn Faden (the architect of Trusted Solaris) published some
> papers on the design & implementation as well.

thanks for the hint.


--mtx

--
---
Hinweis: unverschlüsselte E-Mails können leicht abgehört und manipuliert
werden ! Für eine vertrauliche Kommunikation senden Sie bitte ihren
GPG/PGP-Schlüssel zu.
---
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info at metux.net -- +49-151-27565287



More information about the xorg-devel mailing list