Linked by Thom Holwerda on Tue 17th Feb 2015 21:37 UTC

It's not a secret that I've been working on sandboxed desktop applications recently. In fact, I recently gave a talk at about it. However, up until now I've mainly been focusing on the bundling and deployment aspects of the problem. I've been running applications in their own environment, but having pretty open access to the system.

Now that the basics are working it's time to start looking at how to create a real sandbox. This is going to require a lot of changes to the Linux stack. For instance, we have to use Wayland instead of X11, because X11 is impossible to secure. We also need to use kdbus to allow desktop integration that is properly filtered at the kernel level.

Thread beginning with comment 605408
RE[3]: Comment by NewTron
by ssokolow on Wed 18th Feb 2015 00:39 UTC in reply to "RE[2]: Comment by NewTron"

No, he's right.

I'm sufficiently skilled to do things properly and I still have .debs I had to manually install from previous distro releases because some closed-source game trusted the system to provide some reasonably core library like one of the libicu*.so.48 family and now it only provides a newer one like libicu*.so.52.

Score: 3

RE[4]: Comment by NewTron
by No it isnt on Wed 18th Feb 2015 01:14 in reply to "RE[3]: Comment by NewTron"

Which ones, specifically?

Score: 1

RE[4]: Comment by NewTron
by Delgarde on Wed 18th Feb 2015 01:18 in reply to "RE[3]: Comment by NewTron"

Conversely, you can get burned the other way as well.

If you install Steam on Linux, it bundles a bunch of system libraries to help emulate a particular version of Ubuntu, since that's the development target. However, if you want to run Steam on Fedora, you actually need to delete most of those bundled libraries, because they cause conflicts with system ones, breaking things like direct rendering...

Score: 3

RE[5]: Comment by NewTron
by tidux on Wed 18th Feb 2015 02:35 in reply to "RE[4]: Comment by NewTron"

That's Fedora packaging Steam wrong, then. Debian and Arch don't have conflicts between Steam Runtime libraries and package-managed libraries.

Score: 4