Comment by theamk

2 years ago

Eh, the system described in the post is mostly about taking away (no filesystem access, no multiple IPC methods, no X11...). All new required software seems to be only userspace:

- New IPC system: presumably it's abstracted, so can use any existing IPC for implementation. Or, purely as optimization, use Android's Binder or bring back bus1 (it was such a great idea)

- Document Database: pure userspace; in the most extreme case use raw block device

- Compositor / WM / Windows: this was always userspace already

- Rebuild the apps: userspace as well

Then once your new fancy APIs are ready, you use seccomp and/or per-app users and/or namespaces to isolate apps from everything except the few things people want.
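As an added example (not theamk's code, nor anything from the thread or the post being discussed), here is the smallest piece of that last step in C: a seccomp-BPF filter that takes one capability away from an app, network sockets, by making `socket()` fail with EPERM while every other syscall still works. The helper names, the "no network" policy and the 32-instruction limit are my own choices for the demo; the arch check at the top of the filter and the `PR_SET_NO_NEW_PRIVS` call are the parts a real launcher must not omit.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>

/* Added example, not code from the thread. The filter checks the ABI first:
 * a filter that only looks at syscall numbers can be sidestepped by issuing
 * the same number through a different ABI (e.g. 32-bit compat on x86_64). */
#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#define MAX_PROG 32 /* demo-sized program buffer (assumption) */

/* Install a filter that fails the listed syscalls with EPERM and allows the
 * rest. It applies to the calling thread and is inherited across fork/exec,
 * which is what makes it usable in an app launcher. Returns 0 on success. */
static int install_deny_filter(const int *denied, size_t n) {
    struct sock_filter prog[MAX_PROG];
    size_t pc = 0;

    if (n + 6 > MAX_PROG) { errno = E2BIG; return -1; }

    /* Load seccomp_data.arch; kill the process if it is not our ABI. */
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                              offsetof(struct seccomp_data, arch));
    prog[pc++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0);
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);

    /* Load seccomp_data.nr, then one compare per denied syscall. A match jumps
     * over the remaining compares and the ALLOW return onto the ERRNO return. */
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                              offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < n; i++) {
        prog[pc++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                  (uint32_t)denied[i], (uint8_t)(n - i), 0);
    }
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    prog[pc++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K,
                                              SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA));

    struct sock_fprog fprog = { .len = (unsigned short)pc, .filter = prog };

    /* Lets an unprivileged process install the filter, and guarantees no
     * later execve (setuid binaries included) can gain privileges the
     * filter did not anticipate. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Demo policy (assumption): the app gets no network sockets at all. */
int install_no_network_policy(void) {
    const int denied[] = { SYS_socket };
    return install_deny_filter(denied, sizeof denied / sizeof denied[0]);
}

/* Returns 1 if socket() is now refused with EPERM, 0 if it still succeeds
 * or fails for some other reason. */
int socket_is_blocked(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0) { close(fd); return 0; }
    return errno == EPERM ? 1 : 0;
}

int main(void) {
    if (install_no_network_policy() != 0) { perror("seccomp"); return 1; }
    printf("socket() blocked: %s\n", socket_is_blocked() ? "yes" : "no");
    printf("unrelated syscalls still work, pid=%ld\n", (long)getpid());
    return 0;
}
```

In a launcher this runs right before `execve()` of the app, after the per-app user switch or namespace setup the comment mentions, since the filter survives exec but a later `setuid` or `unshare` would need to be allowed through it. Denying a short list is the easy-to-read form for a demo; for the "everything except the few things people want" model the filter is written the other way round, an allowlist that returns `SECCOMP_RET_KILL` (or logs via `SECCOMP_RET_LOG` while the list is being tuned) for anything not on it.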

> the system described in the post is mostly about taking away

I agree.

The hard part is, as usual, in the details. How do you take away stuff so that you still end up with a usable general purpose OS? That's definitely not easy, especially if you want to do it in a proper way, without hacking things up.

For example, suppose you make the decision to use the Linux kernel, which is a good one - you get driver support, networking, filesystems, and all the good stuff and general primitives for a common OS of today. Given that what one wants is to remove stuff, in order to make that secure (which is a requirement) you'd need to isolate and block everything, because on Linux everything is accessible to a process by default, and the common primitives for control are very basic - you'd have to do a _lot_ of work in userspace to block it. It would contaminate your userspace architecture with details and stuff. And then you'd probably end up needing something to make the userspace parts able to communicate with each other, like Binder in Android's case (see my other comment in this thread).