On Wed, 14 Feb 2024 06:52:53 -0800 Dave Hansen <dave.hansen@xxxxxxxxx> wrote:

> On 2/14/24 03:35, Petr Tesarik wrote:
> > This patch series implements x86_64 arch hooks for the generic SandBox
> > Mode infrastructure.
>
> I think I'm missing a bit of context here. What does one _do_ with
> SandBox Mode? Why is it useful?

I see, I split the patch series into the base infrastructure and the
x86_64 implementation, but I forgot to merge the two recipient lists.
:-(

Anyway, in the long term I would like to work on gradual decomposition
of the kernel into a core part and many self-contained components.
Sandbox mode is a useful tool to enforce isolation.

In its current form, sandbox mode is too limited for that, but I'm
trying to find some balance between "publish early" and reaching a
feature level where some concrete examples can be shown. I'd rather
fail fast than maintain hundreds of patches in an out-of-tree branch
before submitting (and failing anyway).

Petr T