Linked by Thom Holwerda on Wed 6th Feb 2013 12:29 UTC, submitted by Anonymous
Gnome "Some GNOME developers are planning to implement an app format that allows developers to provide their Linux programs in distribution-independent files that can be installed as easily as smartphone apps. A sandbox model is supposed to isolate the apps from each other, and from the rest of the system, in a way that goes further than the isolation in current Linux distributions. Various developers worked to conceptualise such "Linux apps" at the GNOME Developer Experience Hackfest, which was held in the run-up to FOSDEM 2013 in Brussels. At the hackfest, the GNOME developers also declared JavaScript as the de-facto standard for GNOME programming." Right, because they haven't alienated enough of their users.
Permalink for comment 551787
To read all comments associated with this story, please click here.
RE[2]: Sandboxing
by oiaohm on Thu 7th Feb 2013 11:53 UTC in reply to "RE: Sandboxing"
Member since:

"I wonder what this will do that doesn't?

Yeah, I was thinking the same (actually, I think that every time someone comes up with yet another contained distribution method but I digress..). 0install is rather neat and is by now pretty mature and stable.
NIH maybe?

0install is not using cgroups feature of the Linux kernel. The new one is using cgroups. This does make some major differences in implementation.

cgroups the filesystem namespace allows /opt/bundle to contain each individual application files. Yes each application bundle what is in the directory /opt/bundle is different and owns to them. So packages applications can use static paths to their resources and libraries. Oinstall applications are forced to use dynamic paths.

Cgroups also it allows live tracking by default if an application is running and absolute termination of program and every program it started. Also provide resource access limits even hide other running processes on the system from the application. All with quite min overheads.

Yes the fact each running application in this package management cannot see each other. This is again different to 0install.

Oinstall does have higher overhead than using the kernel built in feature of cgroups. yes have a good read Soulbender. It does quite a few things better than 0install in design.

Thing is this gnome option is never going to be portable to other platforms out side something Linux..

The cgroup file system alteration features did not exist when Oinstall was invented.

You might call this a tech updated Oinstall that has the option of integrating better and support building most existing Linux applications without require source code alteration. Again lot of applications with 0install requirement for dynamic prefix require quite major alterations to work with 0install.

In fact the warping that Glick2 is doing in theory could allow you to cgroup a completely different distribution to install there applications.

Reply Parent Score: 4