From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sat, 17 Apr 2021 19:15:06 +0300
Message-ID: <83tuo4vqet.fsf@gnu.org>
References: <5818DFAA-3A9C-4335-BAAF-1227A02C290A@acm.org>
 <19511709-E42B-4ABD-9823-39EA08A79B1F@gmail.com> <83v98kvr7y.fsf@gnu.org>
 <9A5BCDF3-6543-46C0-AB56-2311392FC549@gmail.com>
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="5248"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: alan@idiocy.org, mattiase@acm.org, 45198@debbugs.gnu.org,
 stefankangas@gmail.com, joaotavora@gmail.com, monnier@iro.umontreal.ca
To: Philipp <p.stephani2@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Apr 17 18:16:25 2021
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1lXncP-0001Fl-4R
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 17 Apr 2021 18:16:25 +0200
Original-Received: from localhost ([::1]:36456 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1lXncN-0002gD-Mw
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 17 Apr 2021 12:16:23 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:53510)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1lXnc1-0002g6-VQ
 for bug-gnu-emacs@gnu.org; Sat, 17 Apr 2021 12:16:02 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:60895)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1lXnc1-00038z-NP
 for bug-gnu-emacs@gnu.org; Sat, 17 Apr 2021 12:16:01 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1lXnc1-0004Es-HV
 for bug-gnu-emacs@gnu.org; Sat, 17 Apr 2021 12:16:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 17 Apr 2021 16:16:01 +0000
Resent-Message-ID: <handler.45198.B45198.161867613016252@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 45198
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: patch
Original-Received: via spool by 45198-submit@debbugs.gnu.org id=B45198.161867613016252
 (code B ref 45198); Sat, 17 Apr 2021 16:16:01 +0000
Original-Received: (at 45198) by debbugs.gnu.org; 17 Apr 2021 16:15:30 +0000
Original-Received: from localhost ([127.0.0.1]:44207 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1lXnbW-0004E4-7N
 for submit@debbugs.gnu.org; Sat, 17 Apr 2021 12:15:30 -0400
Original-Received: from eggs.gnu.org ([209.51.188.92]:40864)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1lXnbU-0004Dp-8V
 for 45198@debbugs.gnu.org; Sat, 17 Apr 2021 12:15:28 -0400
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:35935)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@gnu.org>)
 id 1lXnbN-0002lg-Ee; Sat, 17 Apr 2021 12:15:22 -0400
Original-Received: from 84.94.185.95.cable.012.net.il ([84.94.185.95]:2946
 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@gnu.org>)
 id 1lXnbL-0004Am-H4; Sat, 17 Apr 2021 12:15:20 -0400
In-Reply-To: <9A5BCDF3-6543-46C0-AB56-2311392FC549@gmail.com> (message from
 Philipp on Sat, 17 Apr 2021 18:10:14 +0200)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:204223
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/204223>

> From: Philipp <p.stephani2@gmail.com>
> Date: Sat, 17 Apr 2021 18:10:14 +0200
> Cc: mattiase@acm.org,
>  joaotavora@gmail.com,
>  45198@debbugs.gnu.org,
>  stefankangas@gmail.com,
>  monnier@iro.umontreal.ca,
>  alan@idiocy.org
> 
> > IMO, if we have no reasonably clear idea how this will be used on the
> > high level,
> 
> I have a relatively clear idea how I want the high-level interface to look like:
> 
> (cl-defun start-sandbox (function &key readable-directories stdout-buffer) ...)
> (defun wait-for-sandbox (sandbox) ...)
> 
> where start-sandbox returns an opaque sandbox object running FUNCTION that wait-for-sandbox can wait for.  That should be generic enough that it's extensible and implementable on several platforms, and doesn't lock us into specific implementation choices.
> 
> If that's OK with everyone, then I'm happy to write the code for it.

I'm sorry, but I don't really understand what the above means in
practice.

What I'm missing is some details about what operations (in Emacs
terms) should not be allowed in the sandbox, and how can users take
advantage of that.  I asked more questions about this a few days ago,
but got no responses.  I don't really understand how we can
intelligently talk about using this in Emacs while we remain on the
level of file descriptors and syscalls.