
The user doesn't have multiple levels of privilege, applications do.



Which simply means the application is the user.


Applications that run under different user-supplied constraints (cpu, memory, syscalls, file access) don't really feel much like having different users.

Things that are separate users by this definition:

- Every VM running under my account.
- Every docker container.
- Every SELinux process/file type combination.
- Every cgroup.
- Each CPU ring.
- Each call to pledge.
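As an added example of what "user-supplied constraints" look like in practice (this is my own illustration, not code from the thread or from any project named in it): a parent process forks a child, the child lowers its own address-space ceiling with setrlimit(RLIMIT_AS), and then tries to reserve a large anonymous mapping. The uid is unchanged in the child; only the limit differs. The 64 MiB ceiling, the 256 MiB job and the exit codes are assumptions chosen for the demonstration. POSIX/Linux C.

```c
/* Added example (not from the thread): run a job in a forked child under a
   caller-chosen address-space limit while the child keeps the parent's uid. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed exit codes reported by the child. */
enum { JOB_OK = 0, JOB_ENOMEM = 3, JOB_BAD_UID = 4, JOB_OTHER = 5, JOB_SETRLIMIT = 6 };

/* The job: reserve a 256 MiB anonymous mapping. No page is touched, so this
   costs virtual address space only, which is exactly what RLIMIT_AS counts. */
int reserve_256mib(void) {
    size_t len = 256UL << 20;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return errno == ENOMEM ? JOB_ENOMEM : JOB_OTHER;
    munmap(p, len);
    return JOB_OK;
}

/* Fork, apply an address-space ceiling in the child (0 = no ceiling), run the
   job there, and return the child's exit code. A child killed by a signal is
   reported as 128 + signal number; -1 means fork/wait failed. */
int run_constrained(int (*job)(void), rlim_t max_address_space) {
    uid_t parent_uid = getuid();
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (max_address_space != 0) {
            /* Both soft and hard limit: an unprivileged process may lower
               its own hard limit, and afterwards cannot raise it again. */
            struct rlimit lim = { .rlim_cur = max_address_space,
                                  .rlim_max = max_address_space };
            if (setrlimit(RLIMIT_AS, &lim) != 0)
                _exit(JOB_SETRLIMIT);
        }
        /* The constraint changed nothing about who the process is. */
        if (getuid() != parent_uid)
            _exit(JOB_BAD_UID);
        _exit(job());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    if (WIFSIGNALED(status))
        return 128 + WTERMSIG(status);
    return -1;
}

int main(void) {
    printf("same uid, no ceiling:     job exited %d\n",
           run_constrained(reserve_256mib, 0));
    printf("same uid, 64 MiB ceiling: job exited %d\n",
           run_constrained(reserve_256mib, (rlim_t)64 << 20));
    return 0;
}
```

The two runs differ only in the limit the parent chose; both children report the same uid, which is the distinction the comment above is drawing. A real sandbox would stack several such constraints (RLIMIT_NOFILE, a seccomp filter, a mount namespace), but each one is applied by the process owner at runtime rather than by creating a second account.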


And wanting to be able to decide by myself which of these should not run under my user account, as opposed to letting the OS designer make that decision, is why I can't imagine working on a single-user system.

Call them users or roles, it doesn't matter. It is crucial that privilege separation is baked into the core and customizable by the owner of the device. At the moment I only see a multiuser system capable of doing that.



