On Mon, May 23, 2022 at 07:09:03PM -0400, Stephen Frost wrote:

> Instead, I'd argue that we should be continuing to work in the direction
> of splitting up what can only be done by a superuser today using
> predefined roles and other methods along those lines. How that lines up
> with this latest ask around untrusted languages is something I'm not
> exactly sure about, but a magic configure option that is
> "--don't-allow-what-AWS-doesn't-want-to-allow" certainly doesn't seem
> like it's going in the right direction (and, no, not every cloud
> provider is going to want the exact same thing when it comes to whatever
> this option is that we're talking about, so we'd end up having to have
> configure options for each if we start going down this road...).
I guess I'd like to do both. I agree with continuing the work with predefined roles, etc., but I also think there is value in being able to compile out things that allow arbitrary disk/network access. My intent with this thread is the latter, and I'm trying to tackle this in a way that is generically useful even beyond the cloud provider use case.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com