
Sounds like it has just AppArmor/Seccomp/SELinux policies built in. You usually reach the same with previous.


The difference is that those solutions are mandatory access control. Fuchsia doesn't have a global namespace that everyone shares. Each component gets its own view of the world based on what is passed to it. This is often easier to work with than MAC. It's similar to writing a program without relying on globals for state, but instead passing everything into every function that it needs.


> Each component gets its own view of the world based on what is passed to it.

But isn’t that exactly the same as MAC with default deny..? Different terms.


Yes, it's different because MAC implies global understanding. Capability routing decisions are local.



