- by default all new writes go to a directory per "session", where a session is one alacritty window, one run of firefox, etc.
  - each session sees its own ~
  - create a new mountpoint every time I launch a new application "session"
  - on the physical disk, it looks like:
    - /home/grahamc/homes/2020-11-26T22:12:01-firefox
- some files poke through from a "real" ~: .zshrc, .gitconfig, or more, depending on the authority that has been dynamically granted to the session
  - example: firefox has a special grant to read ~/.mozilla
- grants can be added to a session dynamically, and the fuse filesystem pokes them through into the existing ~
  - share-with 5min firefox ./invoice.pdf
  - this is critical:
    - long-term grants are almost never wanted
    - static grants mean you either suffer through bad UX (restarting a lot) or issue massively over-privileged grants to start with
- grants are signed certificates
  - signing key lives on a yubikey
  - extending grants requires tapping the token: impossible to manipulate without breaking out of the ~ sandbox
  - certificates have built-in expiration dates
  - also have a built-in idea of "what is this valid for?"
  - certificates would be issuable at two levels:
    - a store path: firefox should always get access to ~/.mozilla
    - a store path + session ID: this alacritty terminal should get access to invoices
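A sketch of the check the fuse layer would run before poking a path through into a session's ~, as an added example (not grahamc's code): each grant names the application store path, an optional session ID, a path scope and an expiry, and is verified before it is honoured. The yubikey signature is stood in for by an HMAC key held in the process, and the store paths, session IDs and grant field names are constructed assumptions.

```python
"""Grant check for the per-session ~ design above (added example).
HMAC-SHA256 stands in for the yubikey-held signing key; field names are assumed."""
import hmac, hashlib, json, time
from dataclasses import dataclass
from typing import Optional

SIGNING_KEY = b"stand-in for the key that lives on the yubikey"  # constructed

@dataclass(frozen=True)
class Grant:
    app: str                          # store path of the application
    path: str                         # path under the "real" ~ to poke through
    expires_at: float                 # unix time; the built-in expiration date
    session_id: Optional[str] = None  # None = valid for every session of that app
    signature: str = ""

def _payload(g: Grant) -> bytes:
    return json.dumps([g.app, g.path, g.expires_at, g.session_id]).encode()

def issue(app, path, ttl_s, session_id=None, now=None) -> Grant:
    """Issue a grant; in the real design this is the step that needs a token tap."""
    now = time.time() if now is None else now
    g = Grant(app, path, now + ttl_s, session_id)
    sig = hmac.new(SIGNING_KEY, _payload(g), hashlib.sha256).hexdigest()
    return Grant(app, path, g.expires_at, session_id, sig)

def allows(g: Grant, app, session_id, req_path, now) -> bool:
    """Would this grant let session (app, session_id) see req_path at time now?"""
    want = hmac.new(SIGNING_KEY, _payload(g), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, g.signature):
        return False                  # forged or tampered certificate
    if now >= g.expires_at:
        return False                  # expired and not extended by a tap
    if g.app != app:
        return False                  # issued for a different program
    if g.session_id is not None and g.session_id != session_id:
        return False                  # issued for one specific session only
    # scope: the granted path itself or anything beneath it (no prefix tricks)
    return req_path == g.path or req_path.startswith(g.path.rstrip("/") + "/")

def visible(grants, app, session_id, req_path, now) -> bool:
    """True if any held grant lets this session see req_path."""
    return any(allows(g, app, session_id, req_path, now) for g in grants)
```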