General sandbox specs?

Thomas Leonard tal00r at
Fri Mar 12 16:05:18 EET 2004

On Fri, Mar 12, 2004 at 02:48:58PM +0100, Lars Hallberg wrote:
> This is something I have been wondering about since the birth of User Mode Linux.
> Would it be possible to build a sandbox, where it is safe to download and 
> run untrusted binaries?

User Mode Linux would be a good place to start. You'll get problems as
soon as you try to share your display with untrusted applications, though,
so you'd basically need to run them in a sub-desktop with Xnest or
something like that:

> * For the sandbox itself, what libs etc. are available. Possibly a 
> 'dependency' standard where each package can tell what it needs - then 
> the underlying distro can be asked if these dependencies exist and 
> possibly offer to automatically install them.

For dependencies, you should take a look at (my) zero install stuff. This
will let users/sandboxes access any libraries they want without risking
the rest of the system:

> But the first question is, is it at all possible, and if so, how is it 
> best done, and how much effort is needed?

The actual sandboxing is quite easy, but getting trusted and untrusted
apps to integrate well is much harder (drag-and-drop, copy-and-paste,
shared file system, etc).

Thomas Leonard
tal00r at	tal197 at
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
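The reply above recommends running untrusted applications on a sub-desktop under Xnest rather than letting them share the trusted display (on which any X client can read keystrokes and inject events into other windows). The script below is an added example, not code from the thread or from Zero Install: it picks a free display number, starts an Xnest server there, runs the given program with a stripped environment whose DISPLAY points at the nested server, and tears the server down afterwards. It assumes Xnest is installed and that display sockets live under /tmp/.X11-unix as usual; the program path is whatever the caller passes.

```shell
#!/bin/sh
# Added example (not from the original thread): run an untrusted program on
# its own nested X server so it never connects to the trusted desktop's display.
# Assumes Xnest is installed; the program to run is given on the command line.
set -eu

# Return the lowest display number whose Unix socket and lock file are both
# absent. Limited to :1..:99; fails if none is free.
find_free_display() {
    n=1
    while [ -e "/tmp/.X11-unix/X$n" ] || [ -e "/tmp/.X$n-lock" ]; do
        n=$((n + 1))
        [ "$n" -lt 100 ] || return 1
    done
    echo "$n"
}

# Start Xnest on a free display, run "$@" against it, tear the server down
# afterwards, and return the program's exit status.
run_in_nested_x() {
    disp=$(find_free_display) || { echo "no free display" >&2; return 1; }
    scratch=$(mktemp -d)
    # Deliberately no -ac: keep the nested server's access control enabled.
    Xnest ":$disp" -geometry 1024x768 -name "untrusted :$disp" &
    xpid=$!
    # Wait up to 5 s for the nested server's socket to appear.
    i=0
    while [ ! -e "/tmp/.X11-unix/X$disp" ] && [ "$i" -lt 5 ]; do
        sleep 1
        i=$((i + 1))
    done
    if [ ! -e "/tmp/.X11-unix/X$disp" ]; then
        echo "Xnest did not come up on :$disp" >&2
        kill "$xpid" 2>/dev/null || true
        rm -rf "$scratch"
        return 1
    fi
    status=0
    # env -i discards the caller's environment (XAUTHORITY, SSH_AUTH_SOCK,
    # DBUS_SESSION_BUS_ADDRESS, ...); only the three variables listed survive,
    # and HOME is a throwaway directory rather than the real one.
    env -i DISPLAY=":$disp" HOME="$scratch" PATH=/usr/bin:/bin "$@" || status=$?
    kill "$xpid" 2>/dev/null || true
    rm -rf "$scratch"
    return "$status"
}

# Usage: ./nested-x.sh --run /path/to/untrusted-binary [args...]
if [ "${1:-}" = "--run" ]; then
    shift
    run_in_nested_x "$@"
fi
```

This isolates only the display: the program still runs as the caller's uid with full access to the file system and network, which is exactly the part the reply says User Mode Linux (or a separate user) has to cover. Xnest itself remains an ordinary client of the trusted display, so the boundary is only as strong as the nested server's own code, and the integration problems the reply lists (drag-and-drop, clipboard) are precisely what this separation removes.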
