tarcieri
commented
4 years ago I would love to see an init system with OCap security (and with it, an associated secret store) which is to init systems what seL4 is to kernels:
minimal code surface and therefore attack surface in a least authority root process which exposes POSIX "god mode" ambient authority through least authority capability wrappers. Bonus points if, in doing so, you manage to write something which is decoupled from the POSIX API and can work on natively OCap operating systems like Fuchsia and seL4
This issue is to track features of other tools that people appreciate.
In an attempt to keep this as a list, if issues are posted and you agree with it, rather than discussion on it, let's just vote :+1: or :-1: for agreement or disagreement.