<div dir="ltr"><div><div><div><div>Hi Matthias,<br><br>"I don't think it makes sense to develop a specific solution just for<br>
the portion of application sandboxing that happens to overlap with<br>
wayland protocol requests. The same questions need to be answered when<br>
a third-party application e.g. wants to open a file or send an email."<br><br></div>While it is true that the general security policy concern is a huge topic, and that WSM may seem to be a too-specific solution in an ecosystem where several Linux Security Modules have already been implemented, I think, however, that there is a valid use case for it.<br><br></div>We happen to have a more-than-20-years-old ecosystem of GUI applications which were using the X11 protocol. For all these years, they were allowed to exploit this protocol in various ways, which gave us the cool features we could not imagine living without today.<br></div><div><br></div><div>Then comes Wayland. It is more secure, but the cool features aren't there. Sure, each compositor can do it the way it wants, but application developers are embarrassed. This potentially cripples the user experience and slows down Wayland adoption.<br><br></div><div>WSM is interesting because it only tries to cover GUI applications, which, basically, all have the same needs:<br></div>- screenshotting, screen recording, color picking...<br></div><div>- critical actions on the outputs: fullscreen, resolution change...<br></div><div>- access to a central clipboard;<br></div><div>- replacing a vital part of the compositor (virtual keyboard, panel, systray...)<br></div><div>- ...<br><br></div><div>A Linux Security Module goes too far, has too many implications, hence why it is rarely deployed except on server systems. But WSM is only about GUI apps; it precisely knows what it wants to be and which problems it tries to address. 
I think, personally, that WSM has a chance of success because it is pragmatic and has the privileged timeframe for this.<br><br></div><div>Regards,<br></div><div>Manuel<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-03-09 14:30 GMT+01:00 Matthias Clasen <span dir="ltr"><<a href="mailto:matthias.clasen@gmail.com" target="_blank">matthias.clasen@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">On Mon, Mar 9, 2015 at 1:38 AM, Manuel Bachmann<br>
<<a href="mailto:manuel.bachmann@open.eurogiciel.org">manuel.bachmann@open.eurogiciel.org</a>> wrote:<br>
<br>
> Any comments on this ?<br>
><br>
<br>
</span>I don't think it makes sense to develop a specific solution just for<br>
the portion of application sandboxing that happens to overlap with<br>
wayland protocol requests. The same questions need to be answered when<br>
a third-party application e.g. wants to open a file or send an email.<br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><font>Regards,<br>
<br>
<i><b>Manuel BACHMANN</b><br>
Tizen Project<br>
VANNES-FR</i><br>
</font></div></div>
</div></div>