Linked by Thom Holwerda on Tue 17th Feb 2015 21:37 UTC

It's not a secret that I've been working on sandboxed desktop applications recently. In fact, I recently gave a talk at about it. However, up until now I've mainly been focusing on the bundling and deployment aspects of the problem. I've been running applications in their own environment, but having pretty open access to the system.

Now that the basics are working it's time to start looking at how to create a real sandbox. This is going to require a lot of changes to the Linux stack. For instance, we have to use Wayland instead of X11, because X11 is impossible to secure. We also need to use kdbus to allow desktop integration that is properly filtered at the kernel level.

Permalink for comment 605408
RE[3]: Comment by NewTron
by ssokolow on Wed 18th Feb 2015 00:39 UTC in reply to "RE[2]: Comment by NewTron"

No, he's right.

I'm sufficiently skilled to do things properly and I still have .debs I had to manually install from previous distro releases because some closed-source game trusted the system to provide some reasonably core library like one of the libicu*.so.48 family and now it only provides a newer one like libicu*.so.52.

Score: 3