Amazing how you appear to not know shit about how software is actually deployed and used in the real world. There is no such thing as "trusted process" in the modern world, with modern software complexity.

The main point here is that the "trusted productivity software" in actual reality is rarely if ever a paragon of code quality and intelligent design so you lock it down as well as you can to prevent it from screwing up everything else in case it is compromised or blows up on its own.

For example, on Windows servers it's extremely common to run each software inside its own VM in a server running VMWare Esxi hypervsor. Which is extremely wasteful and dumb, but hey that's what you can do in Windows land.

On Linux there are containers (lxc, Docker and friends), and Flatpak is the "consumer application equivalent" of containers.

It's amazing how many security sandbox & container options we have now. Off the top of my head:

Desktop app sandboxing:

• Flatpak
• Snaps

General app sandboxing:

• Apparmor
• SELinux with that MAC stuf
• The systemd container and nspawn stuff

Guest operating systems in a box:

• Docker
• LXC & LXD
• VirtualBox
• VMWare
• KVM
• Xen

With that last category above, it's hard for me to know what to pick when I need a guest VM. At present I tend towards using whichever option has the best documentation for whatever distro I'm using and also has the features I need. Except I wont use VMWare because it's proprietary. I prefer software which isn't shrouded in secrets, threats of violence & restrictions.

I think the LXC stuff and the systemd stuff is using largely the same underlying kernel APIs (cgroups, capabilities & namespaces etc).

That's kind of inaccurate.

Snap isn't usually sandboxing anything, it can do so but they don't usually do it as its less developed in that regard. Flatpak applications from flathub are as sandboxed as possible and in general flatpak has better sandboxing features.

Apparmor and SELinux are more like application permission frameworks, like a system resources firewall, they lock down access to resources an application should NOT have access to. But they aren't true sandboxing as they have to let the application access resources it needs.

Systemd containers and nspawn are full app sanboxing aka "containers". A "container" as defined is "application+as little userspace as it needs to run" in a sandbox.
They use the same kernel as the host system but apart from that they are completely self-sufficient, hence they are a true sandbox.
They are not a true VM as they don't run a kernel and are usually faster and have better performance than a VM as there is no middleman guest kernel between the payload application and the host kernel.

Docker, LXC and LXD are NOT "guest operating systems in a box" so you cannot group them together with conventional virtualization software. They are also containers.

Also, if we want to be picky, Virtualbox and VMWare Player/workstation are "desktop virtualization" applications, i.e. applications designed to run inside a PC operating system. They have a decently user-friendly graphical user interface you can use to do all you need, as their focus is dealing with more casual users.

KVM and Xen (and VMWare Esxi/Vsphere/whatever, which you did not mention but does deserve a mention here) are bare-metal hypervisors, virtualization software that isn't running in a PC operating system (KVM and Xen turn the Linux kernel into the hypervisor, so you can actually use them like a "desktop virtualization" application, but the rest of the OS isn't strictly required for them to function). They are much more powerful than the "desktop virtualization" applications, but have worse user interface, may have hardware limitations (Xen can only passthrough the Quadro NVIDIA cards for example, while it has no issue with any AMD cards), and are generally supposed to be used in a server by a skilled operator. At least they have decent documentation and a community of skilled people you can ask help to if you have issues.

Yes, also Flatpak/Snaps and Docker use the same system when they sandbox.

They may also use AppArmor or SELinux in addition to that.

Amazing how you appear to not know shit about how software is actually deployed and used in the real world. Your shitty server world is not the real world for consumers, get over it.

How can it get compromised if it has no internet access to begin with and you won't just run any downloaded file through without scanning it?

Clearly consumer = single user machine.

1% is not "extremely common" and nobody gives a shit about servers. But I should have expected it's all you can talk about.

Maybe I should put up a signature to clarify to never use the word "server" when arguing against a point made in my post, since people can't seem to think outside of their tiny server micro-land and it's definitely what I am not talking about.

Exactly why snap > flatpak in practice.

What part of "won't just run any downloaded file through without scanning it" was not clear for your tiny brain?

Took the words out of my mouth.

Feeling bipolar again? I thought you liked my posts cause they amused you.

I, on the other hand, would definitely welcome you getting banned or shutting the fuck up forever because there's only two things that really gets to me online, and that's clueless morons, and retarded kids. You manage to be both at once.

Because you can run untrusted applications that exploit it because it's a fucking service you idiot. Those untrusted applications are sandboxed at least to your files if not anything else. It's not like libraries that are confined to the application's address space and rights (are basically part of it when loaded).

Who the fuck runs a browser unsandboxed? I specifically fucking said your trusted apps that DO NOT HAVE INTERNET ACCESS is what you don't sandbox, to reduce overhead and all. Browser doesn't fit offline-app and neither "trusted" categories since it executes 3rd party code (websites), so the fact you used it as an example proves just how PATHETICALLY DESPERATE you are.

Actually, you know what, I'm ignoring you again. Too much waste of time repeating what I already said because you're a retarded moron who omits it. TWICE ALREADY.

As for documents: perhaps this shows the difference at work here. I don't get my "documents" from shady websites pal.

For you and other dummies that click on everything, there isn't for sure. Imagine how sad your life must be to sandbox even a basic text editor.

You'd best also disable all your distro software and repos since it's not usually sandboxed. Who knows right?

Then open it in a container or VM. Logically, the overhead is only one time when you verify it, so no problem.

Again a claim. If you want this shit to be fact, then prove that my machine is compromised, damn twat.

You? As you're so opposed to sandboxing...

Please, seriously, stop feeding him. This thread and the ZFS one have very interesting comments, can't we just ignore him? Cheers.

Indeed! My first experience with that was with Gnome/Enlightenment back around 2000'ish. Back then I "hated Gnome" (actually hate it more now, but for different reasons) but that implementation paired with Enlightenment was great. It had the most awesome shaped window decorations too. My workflow got used to being able to slide around virtual desktops like that. Then, Gnome changed again (had its own window manager, "sawfish" or some shite)... and when Gnome 2.0 came out I couldn't stand that.

So I moved to AfterStep, which in 1.8.x, could be configured to have interconnected workspaces (and multiple desktops of interconnected workspaces but I liked one) in a 4x4 square that I could move around horizontally and vertically at screen edges, and diagonally by moving through the corners. It even had compile time settings to make the desired geometry the defaults. Then AfterStep 2.0 came out and they wrecked it. It actually fought against me with rigid boundaries that were "always on top" wasting my screen real estate. You didn't hear much about AfterStep after that.

After that I moved to XFCE, which back then was a lot like CDE in layout and functionality (super light weight and fast too, GTK 1.x based). It let me slide around virtual desktops, though not in a square. I still use that for my work environment, though I've really softened to KDE Plasma 5, which I use for goofing off in my gaming setup. (which also can move to desktops at screen edges but that plays Hell with input devices in some games so I can't use it)