[arch-general] user namespaces

Martin Kühne mysatyre at gmail.com
Wed Feb 1 21:22:22 UTC 2017


As somebody with no actual knowledge of the details you guys are
arguing over, but it seems to me OP has yet to learn that a simpler
and more secure environment can only be achieved by using fewer and
powerful components instead of many useless ones. Okay, there might be
a point from which the amount of components will add enough obscurity
to the overall system that simply nobody will bother trying to break
it, but really, what's the big deal. I think sandboxing is a concept
reminding too much of windows tools such as bullguard, which simply
doesn't translate well enough (read: at all) to unixes, so I recommend
checking whether you can trust the few things you use instead of
adding a whole bunch of potempkin barriers. It's actually less work
overall, too.

cheers!
mar77i


More information about the arch-general mailing list