The one problem I have with the trusted files thing is that I have no way to trust non-file-visiting buffers. Why is *scratch* untrusted!? *scratch* should always be trusted, without me having to configure anything, ideally. Though a setting to automatically trust non-file-visiting buffers would be nice.
I just ended up stopping using the scratch buffer because of that issue.
2 hours ago [-]
like_any_other 1 hours ago [-]
It's getting so very old - all I want out of a process is code autocomplete, but I have to grant it read & write permission to my entire disk and network. When do we get good permissions and sandboxing and isolation? This can't go on.
nextos 27 minutes ago [-]
I agree granting processes permission to read any file is unsustainable.
In Linux, sandboxing with Firejail and bwrap is quite easy to configure and allows fine-grained permissions.
Also, the new Landlock LSM and LSM-eBPF are quite promising.
boxedemp 1 hours ago [-]
I build my own. Maybe I nee to externalize it...
2 hours ago [-]
Rendered at 04:55:39 GMT+0000 (Coordinated Universal Time) with Vercel.
In Linux, sandboxing with Firejail and bwrap is quite easy to configure and allows fine-grained permissions.
Also, the new Landlock LSM and LSM-eBPF are quite promising.