[ANNOUNCE] xdg-app - desktop app sandboxing system

Alexander Larsson alexl at redhat.com
Wed Jun 24 12:50:23 PDT 2015


On ons, 2015-06-24 at 10:47 -0700, Thomas Kluyver wrote:
> Hi Jasper,
> 
> On Wed, Jun 24, 2015, at 10:23 AM, Jasper St. Pierre wrote:
> > Both of these are really cool and convenient for system updates.
> > xdg-app is simply using OSTree for its first bit, the repo bit.
> > xdg-app has its own deploy stage.
> 
> So it sounds like an application publisher would use OSTree to host
> releases, and the user uses a custom xdg-app mechanism to fetch and
> install it. This would be independent of current distro package 
> formats.
> Is that right?

The easiest explanation is to just look at an ostree repo. Take this
one of some example apps for instance: 

https://people.gnome.org/~alexl/test-apps/repo/

To use this you do:

$ xdg-app add-remote --no-gpg-verify test-apps https://people.gnome.org/~alexl/test-apps/repo/
$ xdg-app install-app test-apps org.gnome.gedit

> > When the app is deployed, its manifest of permissions is checked to
> > determine what should be mounted in the sandbox. This manifest can be
> > edited by a user at any time. Note, however, that if the app isn't
> > coded for these failure cases (it was simply using a standard Linux
> > API), it might crash outright.
> 
> I'm still a bit unclear on what the trust model is - would the user be
> clearly shown the permissions manifest in an understandable format
> before they use the application, so they could see if it was trying to
> do anything sneaky? Or is the idea that you trust the app author, and
> permissions are a way to limit the impact on the system if there's a
> security bug in that app?
> 
> Again, it's the vision I'm interested in - I understand that it's early
> days for the project and this kind of user-visible stuff might be some
> way off. But it's good to know what it's driving towards.

Right now the format is really a developer thing. But, exposing it in
an easy-to-understand way (and allowing it to be overridden) is the long-term
goal.
-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl at redhat.com            alexander.larsson at gmail.com 
He's a genetically engineered small-town cop with a winning smile and a 
way with the ladies. She's a brilliant tempestuous queen of the dead who 
can talk to animals. They fight crime! 
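The thread above asks for the permissions manifest to be shown to the user in plain language, and for the user to be able to override it. The script below is an added illustration of that idea and is not code from the thread or from the xdg-app project: it assumes a keyfile-style manifest with a [Context] section and semicolon-separated lists (a constructed sample format), renders each granted permission as a human-readable line, and applies a user's deny list to produce the tightened set.

```python
"""Render a constructed xdg-app style permission manifest for a user and apply overrides."""
import configparser

# Constructed sample manifest. The keyfile layout with a [Context] section and
# semicolon-separated lists is an assumption for this example, not taken from the thread.
SAMPLE_MANIFEST = """\
[Application]
name=org.gnome.gedit
runtime=org.gnome.Platform/x86_64/3.16

[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
filesystems=home;xdg-download;
"""

# Plain-language meaning of each permission, so a user can judge what the app asks for.
DESCRIPTIONS = {
    ("shared", "network"): "access the network",
    ("shared", "ipc"): "share the IPC namespace with the host",
    ("sockets", "x11"): "talk to the X11 display (can observe other windows' input)",
    ("sockets", "pulseaudio"): "play and record audio",
    ("filesystems", "home"): "read and write your whole home directory",
    ("filesystems", "xdg-download"): "read and write your Downloads folder",
}

def parse_permissions(text):
    """Return {category: set(values)} from the [Context] section of a manifest."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    if not cp.has_section("Context"):
        return {}
    return {key: {v for v in value.split(";") if v} for key, value in cp["Context"].items()}

def apply_override(perms, deny):
    """Drop the (category, value) pairs the user chose to deny; returns a new dict."""
    return {cat: {v for v in vals if (cat, v) not in deny} for cat, vals in perms.items()}

def describe(perms):
    """One line per granted permission; unknown entries are flagged for manual review."""
    lines = []
    for cat in sorted(perms):
        for val in sorted(perms[cat]):
            meaning = DESCRIPTIONS.get((cat, val), "unknown permission (review manually)")
            lines.append(f"{cat}/{val}: {meaning}")
    return lines

if __name__ == "__main__":
    perms = parse_permissions(SAMPLE_MANIFEST)
    print("\n".join(describe(perms)))
    print("--- after user override (deny home access and network) ---")
    print("\n".join(describe(apply_override(perms, {("filesystems", "home"), ("shared", "network")}))))
```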