Confinement
Confinement is the sandbox model in Peios — a policy applied to an application from outside that narrows what its token can reach, even past what privileges would normally bypass. This page covers what confinement is, who it is for, and how it differs from the restricted-token model.
Concept: A confined application declares what it can reach as a set of capability SIDs. Each capability names a kind of resource. This page covers the structure of capability SIDs, the well-known capabilities, derived capabilities, and the difference between normal and strict confinement modes.
Concept: Confinement is enforced at step 11 of the access-check pipeline as an absolute intersection. The kernel re-walks the DACL against the confinement identity and removes any bits the confinement identity would not have been granted independently. This page covers the mechanics — when it fires, what it intersects against, what does and does not bypass it.
Concept: A capability SID is just a SID. Where it sits on a token determines what it does. Placed in the normal groups list, the same capability SID that would narrow access in a confined token now grants access through the ordinary DACL walk. This convention — positive confinement — is the canonical pattern in Peios for managing service access at scale.