GNOME Wants To Sandbox Applications Too
In writing about the Hackfest prior to FOSDEM 2013, Alexander Larsson wrote on his blog about their new proposed security process. A fully sandboxed application would not even be able to mount the user's home directory in full. There's also talk of implementing an Intents system similar to Android for providing services like file picking, photo access, and photo sharing through the use of DBus.
The sandbox model goes hand-in-hand with the isolation model of app deployment, in the sense that whatever the app should not be able to do it will not even see. So, for a fully sandboxed app we will not even mount in the users home directory in the app namespace, rather than not having access rights to it. (We will of course also offer applications with unlimited sandboxes so that existing apps can run.)
Latest Linux Hardware Reviews
Latest Linux Articles
Latest Linux News
Latest Forum Discussions