GNOME Makes Progress On Sandboxed Applications

Written by Michael Larabel in GNOME on 21 January 2015 at 09:19 PM EST. 11 Comments
GNOME
GNOME has quietly been working on sandboxed applications support and for GNOME 3.16 they hope to ship an initial reference runtime implementation of their new technology.

Matthias Clasen wrote a lengthy blog post tonight detailing the sandboxed applications for GNOME. The goal of sandboxed applications is to make it easy for third-parties to distribute applications that work on multiple distributions, give the applications as little access as possible to the host system, and to also make it easier to write applications.

Red Hat and GNOME developers have quietly been working on their sandboxed applications implementation and they hope to have an initial test version ready for GNOME 3.16, including integration with the GNOME Software app installer.

The sandboxed apps are built atop Linux cgroups, Linux namespaces, SELinux, KDBUS, and Wayland for providing good support. Wayland is depended upon for these sandboxed apps over X11 simply due to the X.Org/X11 Server security concerns and it being inherently insecure. KDBUS is used as the IPC mechanism.

Those wishing to learn more about GNOME's sandboxed apps work can see Clasen's blog post and the SandboxedApps Wiki page for all of the important details.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week