While reading Bryan Cantrill's slides from Papers We Love NYC, I was struck by something. One of the very first slides says:
The traditional UNIX security model is simple but inexpressive.
The papers go on to describe a progression of techniques for isolating processes from the host environment to greater and greater degrees. It began with the ancient precursor chroot and moved on through Jails and Zones, each building upon the previous work to improve the degree of isolation.
We've seen a parallel series of efforts in the Linux realm with virtual machines and containers.
However!
All of these were introduced to restore the degree of isolation and resource control that was originally present in mainframe operating systems. Furthermore, that is the model Multics was meant to supply.
Unix started with a simplified security model, meant for single-user machines. It was "dumbed down" enough to be easy to implement on the limited machines of the day.
Zones, VMs, containers… they're all ways to redeem Unix from its original sin. Maybe what we should look at is a better operating system?