Void Processes: Minimising privilege by default
Recently I concluded the work on my Part III (M.Eng) dissertation. This was on Void Processes, a mechanism to statically distribute fine-grained privilege to application processes on Linux. My dissertation is available here. I plan to make a series of posts over the next few weeks documenting my findings in smaller snippets, particularly the experience of voiding mount namespaces. In the future, I hope to produce some work which increases the performance of creating empty namespaces....