Xdg-App Announced For Desktop App Sandboxing
Alexander Larsson has formally announced xdg-app today as the desktop app sandboxing system for GNOME environments.
Larsson announced, "xdg-app is a desktop and distribution-independent application bundling and system for Linux. It uses user namespaces and the kernel container technologies to run applications in a sandboxed environment without any kind of root privileges or setuid required. It also features a user-space dbus filter with policies that are compatible with kdbus."
Xdg-app is still under active development but reached a state where more Linux users can begin trying it out. Larsson has been working on this project for months with sandboxing GNOME apps and back in February reaching the point of the first fully-sandboxed app using this open-source stack.
Over on the GNOME Wiki are more details on their sandboxed apps stack. Their tech stack relies on cgroups, namespaces, SELinux, KDBUS, and Wayland.
Larsson announced, "xdg-app is a desktop and distribution-independent application bundling and system for Linux. It uses user namespaces and the kernel container technologies to run applications in a sandboxed environment without any kind of root privileges or setuid required. It also features a user-space dbus filter with policies that are compatible with kdbus."
Xdg-app is still under active development but reached a state where more Linux users can begin trying it out. Larsson has been working on this project for months with sandboxing GNOME apps and back in February reaching the point of the first fully-sandboxed app using this open-source stack.
Over on the GNOME Wiki are more details on their sandboxed apps stack. Their tech stack relies on cgroups, namespaces, SELinux, KDBUS, and Wayland.
19 Comments