WEBVTT

00:00.000 --> 00:15.000
OK, hello everyone. Welcome our next speaker, Mikhail. He will be talking about Landlock.

00:15.000 --> 00:23.600
Hello everyone. My name is Miguel Sena. So I'm a cameraman, but I'll show you some

00:23.600 --> 00:30.600
views based off, and it's talk is about using a calculator. We do a develop on the kernel.

00:30.600 --> 00:37.600
But that we use on tool called Island. So it's about something, and they're able to

00:37.600 --> 00:42.600
help Linux users, them and users, like developers and minors one, to better what

00:42.600 --> 00:49.600
the seekers have or close. So the goal of Island is really to protect users data to

00:49.600 --> 00:55.600
use, but from software programs scripts, that may be big issues or even

00:55.600 --> 01:04.600
exploited by attackers, and that might then do what stuff that you don't want them to do.

01:04.600 --> 01:09.600
Island uses Landlock, which is a kind of feature. I'll take a module inside the

01:09.600 --> 01:16.600
kernel, and the vanilla kernel. It is unprivileged, so any user can use it. It's free,

01:16.600 --> 01:25.600
ready, favorite. And what? There's no risk for the kernel, and it's only about access control.

01:25.600 --> 01:31.600
So you cannot build like containers with it. That's not the goal, but you can restrict

01:31.600 --> 01:39.600
processes within or not within the kernel, whatever. So to make sure that we are on

01:39.600 --> 01:44.600
the same page, the definition of sandboxing in this talk is really about

01:44.600 --> 01:51.600
restricting processes, and to be able to control, what to create, control

01:51.600 --> 01:56.600
execution environments, in which all of this is going to be what could be

01:56.600 --> 02:04.600
restricted to any subset of what should be allowed otherwise. So we need to create a second

02:04.600 --> 02:15.600
moment when you can run pretty much untrusted processes. So now a bit about Landlock.

02:15.600 --> 02:23.600
So Landlock is used by the notification right now. There are some making tools, like set

02:23.600 --> 02:30.600
preview, which is, I guess, one of the more common one. Also in J, Farjian, and other stuff.

02:30.600 --> 02:36.600
And some example of library that you can use, what you use a lot inside applications,

02:36.600 --> 02:43.600
you can use that in Rust, what CF course, go, and then you can use, well, higher

02:43.600 --> 02:50.600
level of application, in C, for instance, with smagell, and well, it was a way to describe

02:50.600 --> 02:57.600
significantly C, like when it's a pillar of a two-up, and there's a Linux library, which

02:57.600 --> 03:09.600
is inspired by that page. And so, I guess, most of you might use a lot, even if you don't

03:09.600 --> 03:15.600
use it, because the idea with Landlock is to make it available to developers and to make

03:15.600 --> 03:23.600
it kind of transparent to users. So, for instance, if you have applications, programs that

03:23.600 --> 03:32.600
have built in sandboxing with Landlock. So, yeah, it can go from desktop applications to archive

03:32.600 --> 03:41.600
manager and network services. So, the key Landlock features that we like very

03:41.600 --> 03:46.600
like is that first, it is unprivileged. So, it means that it is very available to every user

03:46.600 --> 03:53.600
on the Linux system. We do not need to ask specific capabilities to be in a

03:53.600 --> 04:04.600
namespace or whatever. And that has some consequences. And one of these consequences is

04:04.600 --> 04:13.600
instance that, the next one is all season 4. So, it's only lives as long as something

04:13.600 --> 04:21.600
works for this is live. There's no persistence on the first step. And that means what we

04:21.600 --> 04:28.600
don't, we cannot rely on file levels, because we are part of finite data. It is independent

04:28.600 --> 04:33.600
from the kind of restrictions that are hindered by this kind of, so you can use

04:33.600 --> 04:39.600
Landlock with SELinux or whatever. And you can create some of this inside some of this, because

04:39.600 --> 04:45.600
this means that you might have your user session, which is sandboxed with Landlock. And inside

04:45.600 --> 04:50.600
this session, you might also want to launch different applications that my sandbox

04:50.600 --> 04:56.600
itself, or you might want to create your own sandbox environment. So, and of course,

04:56.600 --> 05:02.600
well, what the cannot gives some security entities. And when it comes to cannot, one

05:02.600 --> 05:09.600
supercess is sandbox. You can escape these sandbox, just as a cannot, just cancel the

05:09.600 --> 05:15.600
sandbox, otherwise that would be useless. And yeah, I also want to allow that

05:15.600 --> 05:23.600
Landlock is about access control. So, it is not about changing what a process can

05:23.600 --> 05:28.600
see, but if a process can access a file on that, if a process can plan a connection to

05:28.600 --> 05:35.600
a size on box or not. And yeah, it really fits to the kind of

05:35.600 --> 05:43.600
semantics. So, it can a little file, so get and possess can understand. And yeah,

05:43.600 --> 05:47.600
what's again, it is ought to go to other kind of mechanisms, like in this

05:47.600 --> 05:54.600
space, access control, cgroups, whatever, you can use all together there. And you should

05:54.600 --> 06:03.600
use different mechanisms at the same time. So, how does it work? Well, it is really simple.

06:03.600 --> 06:10.600
You create a sandbox, then you kind of drop some privileges. And whatever you do after that,

06:10.600 --> 06:17.600
we will just buy me a load and not according to what you define earlier. And that is

06:17.600 --> 06:24.600
about times to three dedicated syscalls. So, it is not not quite true sets. I will

06:24.600 --> 06:29.600
calculate the whole set and then allow for itself to restrict the constraint according to

06:29.600 --> 06:36.600
a given rule set. These are kind of the two which I will go to developers. And that

06:36.600 --> 06:41.600
enabled them to create sandbox was a basic process. And then, once this process is

06:41.600 --> 06:47.600
sandboxed, all the restrictions are inherited across new threads, new processes and new

06:47.600 --> 06:55.600
executions. Right now, there are two kinds of restrictions. Some of them are implicit.

06:55.600 --> 07:03.600
Most need to be able to go with that process while buy by sandbox. So, for instance, to

07:03.600 --> 07:11.600
compare to the process, to another process and asking the process to do stuff that

07:11.600 --> 07:17.600
it cannot do itself. And they also exist rights. So, which is a way to express

07:17.600 --> 07:24.600
a security policy for the party's time, network and other kind of IPC mechanisms.

07:25.600 --> 07:34.600
There are mainly two use cases. The first one is about integrating some of the thing into

07:34.600 --> 07:39.600
an application to the code of an application in a way that it is kind of transparent to

07:39.600 --> 07:45.600
users. They just use applications. And it is somewhat self. It works. Nothing is visible

07:45.600 --> 07:51.600
and everything is fine. There is no extra configuration to manage. So, that is why

07:51.600 --> 07:56.600
really well for complex applications that deal with untrusted data, like

07:56.600 --> 08:03.600
parser, for instance, web browsers and network services. The second use case is to

08:03.600 --> 08:10.600
sandbox what might be untrusted programs. So, in this case, you might not own or

08:10.600 --> 08:16.600
want to change the code of a program, but you still want to restrict its execution.

08:16.600 --> 08:20.600
In this case, you want to create a security environment, sandbox. And then, in this

08:20.600 --> 08:25.600
environment, you launch your new process. So, first of all, you can use it in

08:25.600 --> 08:30.600
systems. They don't have services. Container runtimes, they launch processes. And

08:30.600 --> 08:35.600
sandbox tools. So, in this talk, you talk about a new sandbox tool called

08:35.600 --> 08:41.600
island. Last word, but none of that. It is gaining more and more

08:41.600 --> 08:48.600
feature of a time. It is stepping up. It cannot block anything. Everything

08:48.600 --> 08:53.600
I mean. And it is getting more and more feature of a time with new can

08:53.600 --> 08:59.600
I resist. So, here are a list of what initial features I will

08:59.600 --> 09:05.600
think in the next five to thirteen. And over time, we implemented a new features

09:05.600 --> 09:11.600
more and more stuff. But, of course, it is, well, the developer or the

09:11.600 --> 09:17.600
either that can ask whatever they want to use on that.

09:17.600 --> 09:25.600
Island. Island. So, Landlock is a key opportunity, set of three

09:25.600 --> 09:32.600
syscalls. And it is used by developers. But, at the end of the

09:32.600 --> 09:35.600
series, I use it. Well, you might not want to always

09:35.600 --> 09:39.600
to code to just run application and second

09:39.600 --> 09:43.600
environment. So, that is why we need some tools, something

09:43.600 --> 09:47.600
tool, some boxes. And the goal of Island is really to make it

09:47.600 --> 09:50.600
well, to make Landlock easier to use for masking

09:50.600 --> 09:55.600
exchanges. So, it acts as a high-level wrapper and

09:55.600 --> 09:59.600
policy manager. I learned this time to be able to

09:59.600 --> 10:03.600
use it. But, in this case, mostly using terminal, you see

10:03.600 --> 10:07.600
a little why. And, well, to make it simple to use, to

10:07.600 --> 10:11.600
not think about which commands to last on box nuts. But, to

10:11.600 --> 10:15.600
configure one-self security releases. Well, for one set of

10:15.600 --> 10:19.600
programs, and then to just do you work as you do with

10:19.600 --> 10:25.600
that thing about that. So, the main properties

10:25.600 --> 10:28.600
are, say, there are some boxes, so there is no code

10:28.600 --> 10:33.600
changes from user point of view. It is based on

10:33.600 --> 10:38.600
set of configuration files. And, this

10:38.600 --> 10:41.600
configuration, which we see later, have good

10:41.600 --> 10:45.600
properties. They are declarative, flexible. And,

10:45.600 --> 10:49.600
made in a way, designed a way that make them easily

10:49.600 --> 10:53.600
shareable with other users, other communities, other

10:53.600 --> 10:57.600
communities, and so on. One of the important

10:57.600 --> 11:00.600
properties of Island is that it is kind of context

11:00.600 --> 11:05.600
aware. In actual, it can trigger a sandbox on

11:05.600 --> 11:09.600
nuts, according to the working, the

11:09.600 --> 11:12.600
directory you're working with the letter in

11:12.600 --> 11:17.600
a div. And, once a sandbox is created, it is

11:17.600 --> 11:21.600
not only about Landlock restrictions, but also about

11:21.600 --> 11:25.600
the stuff, which are useful for applications.

11:25.600 --> 11:28.600
For instance, set in the variable and pair,

11:28.600 --> 11:31.600
set of file keys, which I did in the

11:31.600 --> 11:35.600
person box. So, let's see the demo to make it

11:35.600 --> 11:39.600
a bit more clear. In this case, so, I

11:39.600 --> 11:42.600
installed island. You'll see later what

11:42.600 --> 11:46.600
there's all the documentation on the GitHub. And,

11:46.600 --> 11:49.600
what do you want to point is that I'm using

11:49.600 --> 11:53.600
the div h, because there's some hook,

11:53.600 --> 11:56.600
implemented for this specific shell, which

11:56.600 --> 12:01.600
make it possible. So, I'm a simple user.

12:01.600 --> 12:05.600
I have a few projects. I don't have any

12:05.600 --> 12:09.600
profile, sandbox profile yet, but I have a few

12:09.600 --> 12:14.600
projects. So, let's say, well, I have the

12:14.600 --> 12:18.600
few projects. And, I want to create a sandbox

12:18.600 --> 12:22.600
profile for whatever I will do in this project.

12:22.600 --> 12:26.600
And, well, there might have some dependency. So,

12:26.600 --> 12:29.600
let's say, there's the bar directory, which is

12:29.600 --> 12:36.600
also part of this project. So, this is going to

12:36.600 --> 12:39.600
create a new island profile. So, it will just

12:39.600 --> 12:43.600
create a few files on the home user home directory

12:43.600 --> 12:47.600
that will describe a sandbox with default properties.

12:47.600 --> 12:51.600
And, then, after that, we can change this file of course.

12:51.600 --> 12:55.600
In this case, it's pretty simple. Just create new

12:55.600 --> 12:58.600
profile in this sandbox. And, in this case, we

12:58.600 --> 13:00.600
specify two vectors. Well, by default, if you

13:00.600 --> 13:03.600
don't have a dashp, b is means a

13:03.600 --> 13:07.600
pinif. So, a file pinif, the directory. If you

13:07.600 --> 13:09.600
don't specify that, by default, take the

13:09.600 --> 13:11.600
turn-down thing directory. But, in this case,

13:11.600 --> 13:14.600
I want to add two vectors. So, the current one

13:14.600 --> 13:18.600
projects through. And, the project bar directory.

13:18.600 --> 13:21.600
So, I create that. So, the file I create it in this

13:21.600 --> 13:25.600
directory, you can see. And, the sandbox

13:25.600 --> 13:28.600
will be applied for the true

13:28.600 --> 13:31.600
directory's identifying. And, because I'm already in

13:31.600 --> 13:35.600
one of them. And, the D discharge hooks are

13:35.600 --> 13:39.600
already enforced. Well, the sandbox is

13:39.600 --> 13:42.600
really the balance. This not launched yet, which

13:42.600 --> 13:45.600
means the shell is not sandboxed itself. But,

13:45.600 --> 13:48.600
every command that I will launch from this

13:48.600 --> 13:51.600
directory will be automatically

13:51.600 --> 13:55.600
sandboxed with the profile I just created. So,

13:55.600 --> 13:57.600
in practice, and by default, the

13:57.600 --> 13:59.600
default profile is created. Although,

13:59.600 --> 14:01.600
executing whatever you install in

14:01.600 --> 14:03.600
the system. So, whatever is in

14:03.600 --> 14:05.600
slash, there's a pin.

14:05.600 --> 14:07.600
Pin stands. And, you can

14:07.600 --> 14:11.600
must write on the directory, which has

14:11.600 --> 14:13.600
tied to this profile. In this case,

14:13.600 --> 14:15.600
the true and the bar

14:15.600 --> 14:17.600
directory. So, I can see with the

14:17.600 --> 14:19.600
controller directory. That's good.

14:19.600 --> 14:23.600
I have a Makefile. But, for instance,

14:23.600 --> 14:25.600
I cannot see the content of the

14:25.600 --> 14:29.600
primary directory. Right? So,

14:29.600 --> 14:31.600
so, the visual and how it works is that

14:31.600 --> 14:33.600
when ls is launched, it creates a new

14:33.600 --> 14:35.600
process. And, this process is automatically

14:35.600 --> 14:39.600
sandboxed by Island on the fly. And,

14:39.600 --> 14:41.600
because this unvaccinated access

14:41.600 --> 14:43.600
processes outside of the free directory,

14:43.600 --> 14:47.600
what it cannot open the directory. But,

14:47.600 --> 14:50.600
if I want to do, because I

14:50.600 --> 14:52.600
trust myself. And, I trust my

14:52.600 --> 14:54.600
shell. I can go outside of the

14:54.600 --> 14:56.600
directory and do whatever I want to.

14:56.600 --> 14:58.600
Again, get back and see what's inside,

14:58.600 --> 15:02.600
and so on. And, whenever I jump

15:02.600 --> 15:04.600
into a directory, which is

15:04.600 --> 15:08.600
configured to be sandboxed, everything

15:08.600 --> 15:10.600
that I will launch is a directory,

15:10.600 --> 15:12.600
will be sandboxed. And,

15:12.600 --> 15:14.600
if instance, well, let's say, I just

15:14.600 --> 15:18.600
download a project somewhere,

15:18.600 --> 15:22.600
an appendix with one. I do not read

15:22.600 --> 15:26.600
the Makefile. But, I still want to

15:26.600 --> 15:28.600
build it. Well, in this case, I will get some error.

15:28.600 --> 15:30.600
And, that might be with.

15:30.600 --> 15:32.600
Bit with. Well, it's a bit explicit for

15:32.600 --> 15:34.600
the demo, but it's in the

15:34.600 --> 15:38.600
initial. What does this

15:38.600 --> 15:40.600
Makefile, that reads your

15:40.600 --> 15:44.600
private SSH key? So, of course, the real

15:44.600 --> 15:46.600
attack will not be that explicit,

15:46.600 --> 15:48.600
it will be, like, released. And, just

15:48.600 --> 15:50.600
sleep yours, it's key. So, network,

15:50.600 --> 15:52.600
but that the idea. And, in this case,

15:52.600 --> 15:54.600
well, that is blocked, because

15:54.600 --> 15:56.600
cat, well, make is launched in

15:56.600 --> 15:58.600
a sandbox automatically. And,

15:58.600 --> 16:00.600
anything which is launched by

16:00.600 --> 16:02.600
make, in this case, cat, cannot

16:02.600 --> 16:06.600
read what's outside of the sandbox.

16:06.600 --> 16:10.600
And, if I do the same with the

16:10.600 --> 16:12.600
daily, which is not sandboxed, and

16:12.600 --> 16:14.600
here, if I have the same, make

16:14.600 --> 16:16.600
file, of course,

16:16.600 --> 16:18.600
well, that we just dump my

16:18.600 --> 16:22.600
private SSH key. Okay.

16:24.600 --> 16:26.600
And, how does it work? And, does it work

16:26.600 --> 16:28.600
with a programming tool? The thing is,

16:28.600 --> 16:30.600
it's not just only create

16:30.600 --> 16:32.600
sandbox with Landlock, but it

16:32.600 --> 16:34.600
creates a very nice action

16:34.600 --> 16:36.600
environment. And, that includes

16:36.600 --> 16:40.600
instance, a few

16:40.600 --> 16:42.600
variables which are set, which are

16:42.600 --> 16:46.600
dedicated per sandbox. In this case,

16:46.600 --> 16:48.600
you'll see, um,

16:50.600 --> 16:52.600
for instance, this XG

16:52.600 --> 16:54.600
internal variables are set for

16:54.600 --> 16:56.600
the specific sandbox. So, you can see

16:56.600 --> 16:58.600
project FUBA here, which I created.

16:58.600 --> 17:00.600
That's the same for the

17:00.600 --> 17:02.600
conversion files by default. So, that

17:02.600 --> 17:04.600
should be used by most modern applications,

17:04.600 --> 17:06.600
most modern programs. And, uh,

17:06.600 --> 17:10.600
yeah, for some data and some other stuff.

17:10.600 --> 17:12.600
And, also, in the case for, uh,

17:12.600 --> 17:16.600
the GP directory. So, um,

17:16.600 --> 17:18.600
basically, the directory, which is

17:18.600 --> 17:20.600
20, pass on box,

17:20.600 --> 17:22.600
45s, um, and the byte will

17:22.600 --> 17:26.600
can be accessed. But, of course,

17:26.600 --> 17:28.600
if you just want to read the,

17:28.600 --> 17:30.600
what, if the shell reads this

17:30.600 --> 17:32.600
environment variable, it will not

17:32.600 --> 17:34.600
get a similar view, because it's not

17:34.600 --> 17:36.600
some, but itself, right?

17:36.600 --> 17:38.600
So,

17:38.600 --> 17:42.600
and this work is the end program,

17:42.600 --> 17:44.600
is launched and then some box. So,

17:44.600 --> 17:46.600
gets a different set of environment

17:46.600 --> 17:48.600
variables. That's why, how it works

17:48.600 --> 17:50.600
well, and it's kind of a really deep

17:50.600 --> 17:52.600
to us kind of environments.

17:52.600 --> 17:56.600
Um, and, yeah,

17:56.600 --> 18:00.600
in our shell, the configuration, um,

18:00.600 --> 18:04.600
uh, files are here. So, you set a new

18:04.600 --> 18:08.600
directory, the project.

18:08.600 --> 18:10.600
Injectory, you have, uh, a file

18:10.600 --> 18:12.600
that defines what, when this

18:12.600 --> 18:14.600
box will be active data not,

18:14.600 --> 18:16.600
and then you have, um, a file

18:16.600 --> 18:18.600
to define safety rules,

18:18.600 --> 18:20.600
and then you have set of siblings,

18:20.600 --> 18:22.600
which can be changed to footage

18:22.600 --> 18:24.600
which if you want, that are, by

18:24.600 --> 18:26.600
give or create it, uh, for this

18:26.600 --> 18:28.600
specific sandbox.

18:30.600 --> 18:32.600
Okay, so, I'll go,

18:32.600 --> 18:34.600
quickly through doctrinal limitations.

18:34.600 --> 18:36.600
Um, so why not, if you're

18:36.600 --> 18:38.600
reading that on, um,

18:38.600 --> 18:40.600
let's hear recent more than

18:40.600 --> 18:42.600
desktop, you might not have full

18:42.600 --> 18:44.600
resolution, because there are some

18:44.600 --> 18:46.600
use services that might be

18:46.600 --> 18:48.600
code, but any processes,

18:48.600 --> 18:50.600
insights is session. Um,

18:50.600 --> 18:52.600
and that same for topics, because what,

18:52.600 --> 18:54.600
we can use, uh, so gets to,

18:54.600 --> 18:56.600
cool this kind of stuff, and as you

18:56.600 --> 18:58.600
could also have some docs. So, um,

18:58.600 --> 19:00.600
that's okay. That will be handled, um,

19:00.600 --> 19:04.600
with upcoming innovations. Um,

19:04.600 --> 19:06.600
yeah. So, the thing is,

19:06.600 --> 19:08.600
now we can get more and more

19:08.600 --> 19:10.600
of it over time, uh, but it's really interesting

19:10.600 --> 19:12.600
to have this kind of feature, to get ready,

19:12.600 --> 19:14.600
to use it, to get your own profiles,

19:14.600 --> 19:16.600
and scale policies. Um, and even if,

19:16.600 --> 19:18.600
well, even for normal use cases,

19:18.600 --> 19:20.600
without running malicious, uh,

19:20.600 --> 19:22.600
all-interested processes, programs,

19:22.600 --> 19:24.600
uh, in my view, to create, uh,

19:24.600 --> 19:26.600
simple environment for the

19:26.600 --> 19:28.600
automatically, uh, you on caution files,

19:28.600 --> 19:30.600
or you on, uh, build system,

19:30.600 --> 19:34.600
or whatever you want. Um,

19:34.600 --> 19:36.600
I'd go with it quickly on the

19:36.600 --> 19:38.600
Landlock config file format,

19:38.600 --> 19:40.600
so that the format you use to define a

19:40.600 --> 19:42.600
signal policy. Um,

19:42.600 --> 19:44.600
so in cell,

19:44.600 --> 19:46.600
you can have set of variables to make it

19:46.600 --> 19:48.600
kind of flexible, and then

19:48.600 --> 19:50.600
define set of files that

19:50.600 --> 19:52.600
through, uh, my wants to allow

19:52.600 --> 19:54.600
to in this case, um,

19:54.600 --> 19:56.600
slash V, and so on, to be able to, uh,

19:56.600 --> 19:58.600
read and execute the content of

19:58.600 --> 20:00.600
the five guarantees.

20:00.600 --> 20:02.600
And also five, uh,

20:02.600 --> 20:04.600
uh, fact is that you want to be able to

20:04.600 --> 20:06.600
read and write and to them, so

20:06.600 --> 20:08.600
when it's time to temp the

20:08.600 --> 20:10.600
factories, and, um,

20:10.600 --> 20:14.600
but,

20:14.600 --> 20:16.600
so yeah, there's a full

20:16.600 --> 20:18.600
recommendation for that. Um,

20:18.600 --> 20:20.600
there are really nice properties, uh,

20:20.600 --> 20:22.600
you can share

20:22.600 --> 20:24.600
these files, uh,

20:24.600 --> 20:26.600
these declarative,

20:26.600 --> 20:28.600
the remedies, and we can create

20:28.600 --> 20:30.600
independent, uh,

20:30.600 --> 20:32.600
configurations, and it's, yeah,

20:32.600 --> 20:34.600
initially flexible, uh,

20:34.600 --> 20:36.600
uh, please,

20:36.600 --> 20:38.600
can compose them, which is, uh,

20:38.600 --> 20:40.600
kind of specific, but pretty useful if you want to share them again.

20:40.600 --> 20:42.600
Um,

20:42.600 --> 20:44.600
and yeah, so times up,

20:44.600 --> 20:46.600
I wrap up, you can try

20:46.600 --> 20:48.600
Island, uh,

20:48.600 --> 20:50.600
I would just give you a

20:50.600 --> 20:52.600
critical letter, uh,

20:52.600 --> 20:54.600
that's a few lines you have to type to

20:54.600 --> 20:56.600
install it for your user session.

20:56.600 --> 20:58.600
Uh, here's how

20:58.600 --> 21:00.600
Island is designed to protect you,

21:00.600 --> 21:02.600
protect users that want to be protected.

21:02.600 --> 21:04.600
Um, it's dedicated to Linux users,

21:04.600 --> 21:06.600
and the idea is to make it easy

21:06.600 --> 21:08.600
to use enough to think about something

21:08.600 --> 21:10.600
when you compute, uh,

21:10.600 --> 21:12.600
just single policies.

21:12.600 --> 21:14.600
That's it.

21:14.600 --> 21:16.600
Thank you.

21:16.600 --> 21:18.600
Thank you.

21:22.600 --> 21:24.600
We've got two minutes for a question.

21:24.600 --> 21:26.600
So, you want to see first?

21:26.600 --> 21:28.600
Uh, so is it based

21:28.600 --> 21:30.600
through the current working directory of

21:30.600 --> 21:32.600
the process that's being launched?

21:32.600 --> 21:36.600
So, for example, if you are in the parent directory of

21:36.600 --> 21:38.600
the directory that contains that Makefile,

21:38.600 --> 21:40.600
and you do like make dash

21:40.600 --> 21:42.600
at, you know, and then, you know,

21:42.600 --> 21:44.600
the subdirectory, so you're outside the island,

21:44.600 --> 21:46.600
but then the files inside the island,

21:46.600 --> 21:48.600
it's the current,

21:48.600 --> 21:50.600
the actual policy being applied to the process,

21:50.600 --> 21:52.600
based on the current working directory,

21:52.600 --> 21:54.600
which is outside the island, correct?

21:54.600 --> 21:56.600
Yeah. So, the idea that the user

21:56.600 --> 21:58.600
is, it's, it's twisted because

21:58.600 --> 22:00.600
you want to protect itself,

22:00.600 --> 22:04.600
and so that's the way to make it easy to use

22:04.600 --> 22:06.600
sandbox. So, another way to the island is to,

22:06.600 --> 22:08.600
to go island, run, and your program,

22:08.600 --> 22:10.600
but by default, to whitewalk, see that,

22:10.600 --> 22:12.600
just taking to account,

22:12.600 --> 22:14.600
the shell, the shell, taking to account,

22:14.600 --> 22:16.600
the current working directory,

22:16.600 --> 22:18.600
and according to the directory,

22:18.600 --> 22:22.600
look for an existing sandbox for file

22:22.600 --> 22:24.600
that matches the directory.

22:24.600 --> 22:26.600
So, whatever you launch,

22:26.600 --> 22:28.600
when, in your shell, you are in

22:28.600 --> 22:30.600
the directory with these sandbox,

22:30.600 --> 22:32.600
if you launch it, outside of the directory,

22:32.600 --> 22:34.600
it will not be the sandbox,

22:34.600 --> 22:36.600
by default, I mean.

22:36.600 --> 22:38.600
Okay, so, in that case,

22:38.600 --> 22:40.600
like, in practice, you would probably want to go into that,

22:40.600 --> 22:42.600
your island directory,

22:42.600 --> 22:44.600
and then run your shell,

22:44.600 --> 22:46.600
and then you're properly isolated for every.

22:46.600 --> 22:48.600
Yeah, but you want to, yeah,

22:48.600 --> 22:50.600
the idea is to go to your workspace for your project,

22:50.600 --> 22:52.600
and do that, do whatever you want,

22:52.600 --> 22:54.600
you need to build whatever,

22:54.600 --> 22:56.600
and then switch on the directory,

22:56.600 --> 22:58.600
and it will do what he switch on as a profile.

22:58.600 --> 23:00.600
Thank you.

23:02.600 --> 23:04.600
Thank you very much.

23:04.600 --> 23:06.600
How well does it integrate with

23:06.600 --> 23:08.600
like system processes,

23:08.600 --> 23:10.600
and in particular, can I use it

23:10.600 --> 23:12.600
to ditch like protected systems

23:12.600 --> 23:13.600
as a second base,

23:13.600 --> 23:15.600
and run my system services,

23:15.600 --> 23:17.600
the systemd with island.

23:17.600 --> 23:18.600
So, with that,

23:18.600 --> 23:20.600
the working question to integrate

23:20.600 --> 23:23.600
Landlock within systemd,

23:23.600 --> 23:25.600
using the same configuration file format.

23:25.600 --> 23:28.600
But, it is not based on island,

23:28.600 --> 23:30.600
island is only the sandboxing tool,

23:30.600 --> 23:32.600
and systemd will use,

23:32.600 --> 23:35.600
well, the idea is to make it use the same file format,

23:35.600 --> 23:36.600
but not island,

23:36.600 --> 23:37.600
because island is only part,

23:37.600 --> 23:39.600
use the fishing interface.

23:40.600 --> 23:41.600
Okay, so we are out of the line.

23:41.600 --> 23:42.600
Thank you for the question.

23:42.600 --> 23:43.600
Thank you for the talk.

23:43.600 --> 23:44.600
Thank you.

