App sandboxing
Alexander Larsson
alexl at redhat.com
Mon Apr 11 06:58:50 UTC 2016
On sön, 2016-04-10 at 04:01 +0530, Akilan Elango wrote:
> I was working on how to ship apps regardless of the libraries present
> in the system they run on. I have written a post in wordpress . Any
> criticisms or suggestions are welcome.
xdg-app does something similar, but more complex than that. However,
what you describe just limits what parts of the filesystem parts that
the app can see and that is not what I would consider "sandboxing". You
want to limit the app much more than that. For instance access to
networking, other processes, other users, hardware devices, weird
system calls, etc.
A somewhat up-to-date of the sandboxing implementation in xdg-app is
described at:
https://wiki.gnome.org/Projects/SandboxedApps/Sandbox
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com
He's a jaded bohemian waffle chef on a search for his missing sister.
She's a man-hating hip-hop mermaid who believes she is the reincarnation
of an ancient Egyptian queen. They fight crime!
More information about the xdg-app
mailing list