What is the state of file permissions in Genode? And what is the plan for the future?
On Fri, Jun 12, 2015 at 04:28:06AM +0000, Nobody III wrote:
What is the state of file permissions in Genode? And what is the plan for the future?
Permissions are handled by inspecting the session label used to open the file system at the parent and routing the session to the appropriate file server. The file server can then use the label again to root the session at an appropriate location within the file system, and if the session will support modifications to files. That's pretty much all you need.
If a user wishes to use an application that they do not trust, it probably has a very specific use case, therefore it should be easy to figure out just what files it needs to access.
If you want to share a file system between users, it wouldn't be too hard to make a server that performed file system level encryption rather than block level encryption. Each user could place one of these between them and the actual storage, which would give you pretty good assurance that you're preventing unauthorized reads and cleartext writes.
Emery
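The label-based routing and rooting described in the reply above, as an added configuration sketch that is not part of the original message. It assumes init's `<route>` syntax and the `<policy label=... root=... writeable=...>` nodes of the `ram_fs` server; the component names `viewer` and `editor` and all paths are hypothetical, and attribute names can differ between Genode releases.

```xml
<!-- Constructed fragment of an init configuration.
     <parent-provides> and the default route are omitted for brevity. -->
<config>

  <!-- File server: decides per session label where the session is rooted
       and whether it may modify files. -->
  <start name="ram_fs">
    <resource name="RAM" quantum="8M"/>
    <provides> <service name="File_system"/> </provides>
    <config>
      <content>
        <dir name="home">
          <dir name="user">
            <dir name="docs"/>
          </dir>
        </dir>
      </content>

      <!-- Untrusted component: sees only the docs directory, read-only
           (no writeable attribute given). -->
      <policy label="viewer" root="/home/user/docs"/>

      <!-- Trusted component: rooted at the home directory, may write. -->
      <policy label="editor" root="/home/user" writeable="yes"/>
    </config>
  </start>

  <!-- Init prefixes each session label with the child's name, so the
       file server sees "viewer" here and selects the first policy. -->
  <start name="viewer">
    <resource name="RAM" quantum="4M"/>
    <route>
      <service name="File_system"> <child name="ram_fs"/> </service>
      <any-service> <parent/> </any-service>
    </route>
  </start>

  <start name="editor">
    <resource name="RAM" quantum="4M"/>
    <route>
      <service name="File_system"> <child name="ram_fs"/> </service>
      <any-service> <parent/> </any-service>
    </route>
  </start>

</config>
```

The child cannot choose its own prefix, so the access decision rests on what the parent wrote in the routing and policy nodes rather than on anything the client supplies.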