> -----Original Message----- > From: Jan Olszak [mailto:[email protected]] > Sent: Tuesday, March 11, 2014 7:15 AM > To: 'Jarkko Sakkinen'; 'MyungJoo Ham' > Cc: Schaufler, Casey; [email protected] > Subject: RE: [Dev] Linux Containers on Tizen > > When I give my phone away I'm not only concerned about what this user can > do, but rather what the applications that he will install can do. In this case > starting a container would give you greater protection than just creating a > new user. So yes, maybe containers could be a good technology to > implement this.
By now I expect that everyone is familiar with this use case. > "Not Umbrella Containers" operate under the assumption that we all failed - > that there is a hole and a malicious application can use it to do stuff. NUC > would place a concrete wall between the private and business > environments, so malicious apps still can do stuff but only in one > environment. That is the use case we are concentrating on. Understood. As above, this use case is very familiar. > The main threat for the security of the user is the user himself. I would > accept any set of permissions just to get this Tree Climbing Game I long, but > at least I wouldn't imperile my business data. No one is arguing against this. There is already an effort (multi-user) in place to address this and several other similar use cases. NUC could very well be a valuable component of that effort. But you *must* coordinate your work with the multi-user team. If you don't neither will ever work right. > Thanks, > Jan > > -----Original Message----- > From: Jarkko Sakkinen [mailto:[email protected]] > Sent: Tuesday, March 11, 2014 11:33 AM > To: MyungJoo Ham > Cc: Schaufler, Casey; Jan Olszak; [email protected] > Subject: Re: [Dev] Linux Containers on Tizen > > On Tue, Mar 11, 2014 at 01:56:33AM +0000, MyungJoo Ham wrote: > > Not related with multi-user project at least for now. It is an > > independent project and it does not assume that the two domains > > have different users. > > In thhe first mail there was a use case where you would give your phone or > tablet to your child. Should multi-user address the same use case or not? > > The main difference I see with multi-user and this is that: > > 1. Multi-user is a feature and proper technologies are chosen to implement > it. > > 2. Containers (not that well defined umbrella term for linux namespaces and > cgroups when you combine them) is a technology. > You might use parts of it for implementing features such as multi-user > support. > > With my limited knowledge of this effort it really looks like as someone was > climbing feet first into the tree. > > /Jarkko > _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
