
> there’s no way you can restrict mysubdomain.foo.com/phonehome vs mysubdomain.foo.com/normal

Of course you can!

With capabilities you can tell a program: "if you want to communicate with the external world, here's the only function you can use:"

`void postToMySubDomainSlashWhatever(char* payload, size_t size)`






Ok great. Now I put the phone-home stuff within payload. It’s a game of whack-a-mole you’re bound to lose. Like I said - if I control both endpoints, it’s going to be very hard for you to simultaneously give me a pipe connecting them while controlling the set of messages I’m allowed to send.
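Both comments in one added C sketch (not code from either commenter): the host hands untrusted code only the posting function named above, which pins the destination, while the payload bytes remain the caller's choice. The destination URL, `plugin_report`, `egress_log`, `last_egress_was` and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed destination; the thread names the function, not a full URL. */
#define FIXED_DEST "https://mysubdomain.foo.com/normal"

/* Host-side record of the last egress, standing in for a real HTTP POST. */
struct egress_log { const char *dest; char body[128]; size_t size; int calls; };
static struct egress_log last;

/* The single egress function from the comment: the caller supplies bytes,
   never a destination. The host also caps the size it will forward. */
void postToMySubDomainSlashWhatever(char *payload, size_t size) {
    if (size > sizeof last.body) size = sizeof last.body;
    memcpy(last.body, payload, size);
    last.size = size;
    last.dest = FIXED_DEST;
    last.calls++;
}

/* The capability handed to untrusted code: its only route to the outside. */
typedef void (*post_cap)(char *payload, size_t size);

/* Hypothetical untrusted module: it holds no socket or URL, only the capability. */
void plugin_report(post_cap post, const char *metric, const char *extra) {
    char buf[128];
    int n = snprintf(buf, sizeof buf, "metric=%s%s%s", metric,
                     extra ? "&x=" : "", extra ? extra : "");
    if (n < 0) return;
    post(buf, (size_t)n < sizeof buf ? (size_t)n : sizeof buf - 1);
}

/* Returns 1 if the last call went to FIXED_DEST carrying exactly this body. */
int last_egress_was(const char *body) {
    return last.dest && strcmp(last.dest, FIXED_DEST) == 0 &&
           last.size == strlen(body) && memcmp(last.body, body, last.size) == 0;
}

int main(void) {
    /* Constructed sample values. Same capability, same destination both times. */
    plugin_report(postToMySubDomainSlashWhatever, "startup_ms:120", NULL);
    printf("%s <- %.*s\n", last.dest, (int)last.size, last.body);
    plugin_report(postToMySubDomainSlashWhatever, "startup_ms:120", "host-id-1234");
    printf("%s <- %.*s\n", last.dest, (int)last.size, last.body);
    return 0;
}
```

The host's guarantees here are the fixed destination and the size cap; the second call passes through unchanged because the function treats the payload as opaque bytes.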


