Thread: GNOME Wants To Sandbox Applications Too

  1. #1
    Join Date
    Jan 2007
    Posts
    14,592

    GNOME Wants To Sandbox Applications Too

    Phoronix: GNOME Wants To Sandbox Applications Too

    Another item that was discussed last week in Brussels during the GNOME Developer Hackfest is sandboxing of GNOME applications. GNOME developers already decided they want applications written in JavaScript, but as another security measure they want to begin sandboxing applications...

    http://www.phoronix.com/vr.php?view=MTI5NDQ

  2. #2
    Join Date
    Sep 2007
    Posts
    311

    What has sandboxing to do with a specific desktop? Isn't that what SELinux and company are made for?

  3. #3
    Join Date
    Dec 2012
    Posts
    196

    Quote: Originally posted by oleid
    What has sandboxing to do with a specific desktop? Isn't that what SELinux and company are made for?

    I don't see the point. With this model they're following the Chrome OS apps model, which is rather limiting.

    I'd prefer to see some elegant solution on the Linux desktop to emulate BlackBerry's Balance (single user with work and personal space sandboxing), which could be done with LXC, I think.

  4. #4
    Join Date
    Dec 2011
    Location
    Basement
    Posts
    389

    yeah?

    So the GNOME and systemd cabal is pushing for an IPC mechanism in the kernel. Performance, security and features are probable gains. Can this go to mainline Linux? Maybe. Attempts have failed before but this time it is another story.

    Does everybody want a Linux IPC to rule them all? I doubt it.

  5. #5
    Join Date
    Sep 2009
    Posts
    119

    Unlike a lot of the GNOME team's recent botched decisions, I don't actually think this is a horrible idea. I wouldn't mind seeing sandboxed apps in a desktop computing environment, if it was done without being too annoying.

  6. #6
    Join Date
    Jun 2011
    Posts
    3

    Yeah right...

    Given that sandboxing has worked extremely well so far everywhere else, I have complete trust that it will work this time too:
    - http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php
    - http://arstechnica.com/security/2012...urity-sandbox/
    - http://www.extremetech.com/computing...a-magic-bullet
    - http://securitywatch.pcmag.com/none/...t-of-sandboxes

  7. #7
    Join Date
    Dec 2012
    Posts
    196

    Quote: Originally posted by funkSTAR
    So the GNOME and systemd cabal is pushing for an IPC mechanism in the kernel. Performance, security and features are probable gains. Can this go to mainline Linux? Maybe. Attempts have failed before but this time it is another story.

    Does everybody want a Linux IPC to rule them all? I doubt it.

    There you have Android's "binder" IPC. But they probably want something more powerful like D-Bus.
