[ANNOUNCE] xdg-app - desktop app sandboxing system

Alexander Larsson alexl at redhat.com
Wed Jun 24 12:50:23 PDT 2015

On ons, 2015-06-24 at 10:47 -0700, Thomas Kluyver wrote:
> Hi Jasper,
> On Wed, Jun 24, 2015, at 10:23 AM, Jasper St. Pierre wrote:
> > Both of these are really cool and convenient for system updates.
> > xdg-app is simply using OSTree for its first bit, the repo bit.
> > xdg-app has its own deploy stage.
> So it sounds like an application publisher would use OSTree to host
> releases, and the user uses a custom xdg-app mechanism to fetch and
> install it. This would be independent of current distro package formats.
> Is that right?

The easiest explanation is to just look at an ostree repo. Take this
one of some example apps for instance: 


To use this you do:

$ xdg-app add-remote --no-gpg-verify test-apps https://people.gnome.org/~alexl/test-apps/repo/
$ xdg-app install-app test-apps org.gnome.gedit

> > When the app is deployed, its manifest of permissions is checked to
> > determine what should be mounted in the sandbox. This manifest can be
> > edited by a user at any time. Note, however, that if the app isn't
> > coded for these failure cases (it was simply using a standard Linux
> > API), it might crash outright.
> I'm still a bit unclear on what the trust model is - would the user be
> clearly shown the permissions manifest in an understandable format
> before they use the application, so they could see if it was trying to
> do anything sneaky? Or is the idea that you trust the app author, and
> permissions are a way to limit the impact on the system if there's a
> security bug in that app?
> Again, it's the vision I'm interested in - I understand that it's early
> days for the project and this kind of user-visible stuff might be some
> way off. But it's good to know what it's driving towards.

Right now the format is really a developer thing. But, exposing it in
an easy to understand way (and to allow overriding it) is the long term
 Alexander Larsson                                            Red Hat, Inc 
       alexl at redhat.com            alexander.larsson at gmail.com 
He's a genetically engineered small-town cop with a winning smile and a 
way with the ladies. She's a brilliant tempestuous queen of the dead who 
can talk to animals. They fight crime! 