elaborate todo about securing programs

2023-06-28 01:08:53 +00:00 · 2023-06-28 01:08:53 +00:00 · c09b2d0d63
commit c09b2d0d63
parent f12672b197
1 changed files with 3 additions and 0 deletions
--- a/TODO.md
+++ b/TODO.md
@ -34,6 +34,9 @@
 - have `sane.programs` be wrapped such that they run in a cgroup?
    - at least, only give them access to the portion of the fs they *need*.
    - Android takes approach of giving each app its own user: could hack that in here.
+    - flatpak does this, somehow
+    - apparmor?  SElinux?  (desktop) "portals"?
+    - see Spectrum OS; Alyssa Ross; etc
 - canaries for important services
    - e.g. daily email checks; daily backup checks