@emily do you make use of cgroups and namespaces in a more ...nuanced way? I don't see too much use of these facilities outside of holistic containerization solutions. I think systemd might use cgroup as well.

It seems like there's possibility for building out a meaningful capability system to plug the architectural hole of standard POSIX permissions with namespaces. probably this is something \@cwebber@octodon.social knows about (not sure she'd want in on my random comment)