I'm learning about how Unix processes work, and I noticed that child processes inherit most of their attributes (including file descriptors) from the parent process. I also just learned about exec and how it replaces the child process's attributes with entirely new ones (new memory space, etc.), but keeps the original process ID.
Then I know about sandbox environments in Node.js, in which it provides you an essentially empty slate, and you add variables and "features" to the context of the child process.
What I'm wondering is what different kinds of configurations there are for the attributes a child process receives, and why the child process in Unix "defaults" to inheriting all the parent's attributes. I'm wondering why it wouldn't instead have its own memory space and whatnot.
Also wondering if there are alternative "child process attribute configurations" to these 2 cases (inherit all parent attributes, or inherit none). Maybe it would want to inherit half of the parent address space, or use some address space from a sibling process, or use a few file descriptors from the parent as well as some of its own, etc. Maybe you say it can access a few device drivers and others not, etc.
I would be interested to know if there is a way to pass in such "configuration features" when creating a child process, either on Unix or on any other operating system. For example: "create child process, using half of the parent's address space, 1/4th of sibling 2's address space, 1/8th of sibling 1's address space, and for the remaining 1/8th use my own local address space. Also, provide access to the a, b, and c device drivers, and otherwise allow no network access." Something arbitrary, where it is basically configuring the "feature set" of the child process to a fine level of detail.
Wondering if anything like that occurs in Unix or other operating systems, and if not, why not. I don't understand why the decision was made to just have these 2 cases of permissioning/regulating processes.
It seems this somehow overlaps with the protection ring concept. You prevent userland processes (child processes) from accessing certain features. Wondering why it's not more configurable than this, at a high level.
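The inheritance the question describes can be observed directly. Below is an added example (my own code, not from the post above); it assumes a POSIX system with `fork`, `pipe`, `fcntl` and a `/bin/sh`. It creates a pipe, forks, and execs a shell that tries to write into the inherited pipe end. With the default "inherit everything" behaviour the write succeeds; after marking the descriptor with `FD_CLOEXEC` (the per-descriptor knob Unix does provide) the descriptor survives `fork()` but is dropped at `exec()`, so the new program never sees it. This is the mechanism sandboxing code uses to keep a parent's sensitive handles out of children it spawns.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Fork a child that execs /bin/sh and tries to write the word "inherited"
 * into the write end of a pipe created by the parent.
 *
 * set_cloexec == 0: default Unix behaviour, the fd is inherited across
 *                   fork() and exec(), so the shell can write to it.
 * set_cloexec == 1: FD_CLOEXEC is set on the write end; it is still
 *                   copied by fork() but closed by exec(), so the
 *                   shell's redirection fails and nothing arrives.
 *
 * Returns 1 if the exec'd program could still use the fd, 0 if it
 * could not, -1 on a syscall failure in the parent.
 */
int child_can_write_after_exec(int set_cloexec)
{
    int p[2];
    if (pipe(p) == -1)
        return -1;

    if (set_cloexec) {
        /* Close-on-exec is a per-descriptor flag, not a per-process one. */
        int flags = fcntl(p[1], F_GETFD);
        if (flags == -1 || fcntl(p[1], F_SETFD, flags | FD_CLOEXEC) == -1) {
            close(p[0]);
            close(p[1]);
            return -1;
        }
    }

    pid_t pid = fork();
    if (pid == -1) {
        close(p[0]);
        close(p[1]);
        return -1;
    }

    if (pid == 0) {
        /* Child: at this point both pipe ends were inherited regardless of
         * FD_CLOEXEC; exec() is where the flag takes effect. The shell's
         * own stderr is silenced so a failed redirection prints nothing. */
        char cmd[96];
        snprintf(cmd, sizeof cmd,
                 "exec 2>/dev/null; echo inherited >&%d", p[1]);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127); /* only reached if exec itself failed */
    }

    /* Parent: drop our copy of the write end, otherwise read() would
     * never see EOF even after the child exits. */
    close(p[1]);

    char buf[32];
    ssize_t n = read(p[0], buf, sizeof buf - 1);
    close(p[0]);
    waitpid(pid, NULL, 0);

    return n > 0 ? 1 : 0;
}

int main(void)
{
    printf("default inheritance : child can write = %d\n",
           child_can_write_after_exec(0));
    printf("with FD_CLOEXEC     : child can write = %d\n",
           child_can_write_after_exec(1));
    return 0;
}
```

Running it prints `1` for the default case and `0` for the close-on-exec case. The finer-grained controls the question asks about exist as separate mechanisms layered on this model rather than as one configuration blob: `O_CLOEXEC` at open time, `posix_spawn` file actions that build an explicit descriptor table for the child, and on Linux the `clone(2)` flags and namespaces that choose which resources (file table, address space, network view) a new task shares with its creator.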