For reference, this is systems security 101; the context being Multi-Level Security (MLS): https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model is a model for confidentiality, whereas Biba and Clark-Wilson are rather integrity models. Those are the reference models from the '70s and '80s. The articles on Wikipedia are not too great, so you may wish to look into e.g. Matt Bishop's course material. I couldn't find them right away. He's written the widely referenced books on computer security, which you will find.

A very general intro: https://www.cse.psu.edu/~gxt29/teaching/cs447s19/slides/01basicsOfSecurity.pdf

More going into detail, this one is rather lengthy: https://ccss.usc.edu/523/F24-DSci523-Lec10.pdf

There are many approaches to access control, abbreviated as *AC, such as DAC (https://en.wikipedia.org/wiki/Discretionary_access_control), and you may be thinking of that. This will lead you to looking into https://en.wikipedia.org/wiki/Capability-based_security, which essentially means that access to resources is granted by delegation / passing. Beware of the confused deputy problem.

In the context of build systems, you likely want a sandbox that has very limited access to resources, merely reading source files, executing designated toolchains, and writing artifacts (outputs). That in itself, however, is not sufficient. Controlling what happens around the sandbox is key; see also every attempt to poison software seen over the last years by attacking build services and registries.

Cheers
Daniel

On Sat, 9 Aug 2025, 02:32 hiro, <[email protected]> wrote:

> on linux you need root to bind. this makes namespaces (and thus
> containers) a big pain.
> user namespaces is the hack around it. it makes unintended privilege
> escalation a breeze.

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T924b170304d49c32-M6e9e5898f0c4cda980c9a318
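The two ideas in Daniel's reply that matter most for a build sandbox, capability-based access (authority travels with a designating token rather than with a path string) and the confused deputy, can be shown in a few dozen lines. The following is an added example written for this page; it is not code from the thread or from any 9fans or Plan 9 project, and the names Cap, Sandbox, naive_build, capability_build and demo are invented for it. It stands in a "compiler" with a tiny Python script so that it runs offline; the source file, the tool and the service's private billing.txt are all constructed in a temporary directory. The naive build service writes wherever the caller points it with its own ambient authority, so a caller can overwrite the service's own file; the capability-mediated version can only touch what a Cap designates, so the same request is refused, and a `..` in the requested path does not help either.

```python
# Added illustration (not from the 9fans thread): a capability-style
# reference monitor for a build sandbox beside a confused-deputy build
# service. Cap, Sandbox, naive_build, capability_build, demo are invented.
import hashlib
import os
import subprocess
import sys
import tempfile
from dataclasses import dataclass


class Denied(PermissionError):
    """Raised when an access is attempted without a covering capability."""


@dataclass(frozen=True)
class Cap:
    """A token pairing one right with the directory it designates."""
    right: str   # "read", "exec" or "write"
    root: str    # absolute directory path


def _inside(path: str, root: str) -> bool:
    """True if path resolves to root or below it ('..' cannot escape)."""
    p, r = os.path.realpath(path), os.path.realpath(root)
    return p == r or p.startswith(r + os.sep)


class Sandbox:
    """Holds only the capabilities handed to it and checks every access
    against them. A bare path string is never enough: some Cap must
    designate that path with the right being exercised."""

    def __init__(self, caps):
        self.caps = frozenset(caps)

    def _require(self, right: str, path: str) -> None:
        if not any(c.right == right and _inside(path, c.root) for c in self.caps):
            raise Denied(f"no {right} capability covers {path}")

    def read(self, path: str) -> str:
        self._require("read", path)
        with open(path) as f:
            return f.read()

    def write(self, path: str, data: str) -> None:
        self._require("write", path)
        with open(path, "w") as f:
            f.write(data)

    def run(self, tool: str, source: str) -> str:
        """Run a designated tool as a pure stdin->stdout filter, so the tool
        process itself needs no filesystem access at all."""
        self._require("exec", tool)
        proc = subprocess.run([sys.executable, tool], input=source,
                              capture_output=True, text=True, check=True)
        return proc.stdout


def naive_build(src: str, tool: str, out_path: str) -> None:
    """The confused deputy: trusts a caller-supplied output path and writes
    it with the service's own (ambient) authority."""
    with open(src) as f:
        obj = subprocess.run([sys.executable, tool], input=f.read(),
                             capture_output=True, text=True, check=True).stdout
    with open(out_path, "w") as f:
        f.write(obj)


def capability_build(sandbox: Sandbox, src: str, tool: str, out_path: str) -> str:
    """Same job, every access mediated by the sandbox. Returns the artifact."""
    obj = sandbox.run(tool, sandbox.read(src))
    sandbox.write(out_path, obj)
    return obj


def demo() -> dict:
    """Construct a throwaway project, attack both services, report outcomes."""
    base = tempfile.mkdtemp()
    d = {n: os.path.join(base, n) for n in ("src", "tools", "out", "service")}
    for path in d.values():
        os.mkdir(path)
    src = os.path.join(d["src"], "main.c")
    with open(src, "w") as f:                      # constructed source file
        f.write("int main(void){return 0;}\n")
    tool = os.path.join(d["tools"], "cc.py")
    with open(tool, "w") as f:                     # constructed stand-in compiler
        f.write("import sys; sys.stdout.write('OBJ:' + sys.stdin.read())\n")
    billing = os.path.join(d["service"], "billing.txt")
    original = "balance=100\n"
    with open(billing, "w") as f:                  # the service's private file
        f.write(original)

    # Attack 1: point the naive service's output at its own private file.
    naive_build(src, tool, billing)
    clobbered = open(billing).read().startswith("OBJ:")
    with open(billing, "w") as f:
        f.write(original)

    # Same attack against the capability-mediated service, plus a '..' variant.
    sb = Sandbox([Cap("read", d["src"]), Cap("exec", d["tools"]),
                  Cap("write", d["out"])])
    results = {}
    for name, target in (("direct", billing),
                         ("traversal", os.path.join(d["out"], "..", "service", "billing.txt"))):
        try:
            capability_build(sb, src, tool, target)
            results[name] = False
        except Denied:
            results[name] = True
    artifact = capability_build(sb, src, tool, os.path.join(d["out"], "main.o"))
    return {"naive_clobbered": clobbered,
            "cap_denied_direct": results["direct"],
            "cap_denied_traversal": results["traversal"],
            "billing_intact": open(billing).read() == original,
            "artifact": artifact,
            "artifact_sha256": hashlib.sha256(artifact.encode()).hexdigest()}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note what the sandbox does not do: it says nothing about who handed it the caps, whether cc.py is the toolchain that was audited, or whether main.o is what gets uploaded to the registry afterwards. That is the "around the sandbox" part of the reply; the artifact digest returned above is only useful if something outside the sandbox records and checks it.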
