Comment by zozbot234
4 years ago
If you want foolproof sandboxing, you need opt-out namespacing. Because there might be resource types that your version of the software doesn't know about, and these should really be namespaced by default.
Besides, what really matters is whether namespacing is idiomatic or not. It was always idiomatic in plan9, and containerization has certainly made it more idiomatic even on *nix systems.
Plan9 was the model you're saying isn't foolproof. Switching namespaces was an explicit call separate from process creation.
The Linux namespace scheme was explicitly inspired by plan9, but didn't have nearly as many gotchas (like plan9 vfs namespaces being only per uid).
My bringing up Kubernetes is to contrast the Unix-style methods in a way that developers today would recognize.
> The Linux namespace scheme was explicitly inspired by plan9, but didn't have nearly as many gotchas
There were other OSes doing similar stuff at the time, e.g. BSD jails predate Linux containers AIUI.
I'm going to be honest, I don't know what point you're arguing against at this point. Can you clarify that?