XDG-App Continues Maturing For GNOME App Sandboxing

  • XDG-App Continues Maturing For GNOME App Sandboxing

    Phoronix: XDG-App Continues Maturing For GNOME App Sandboxing

    The past few months have been very busy for Alexander Larsson and other GNOME developers leading the charge on XDG-App, their approach for sandboxing desktop applications...

    http://www.phoronix.com/scan.php?pag...Christmas-2015

  • #2
    xdg-app is a cross-desktop solution, not only for GNOME. And most of the benefits are available without kdbus, so it does not 'depend on it'.
    Last edited by jonnor; 12-17-2015, 05:35 PM. Reason: EDIT: *not only* for GNOME

    • #3
      Originally posted by jonnor
      xdg-app is a cross-desktop solution, only for GNOME.
      seriously?

      • #4
        Originally posted by jonnor
        And most of the benefits are available without kdbus, so it does not 'depend on it'.
        The sandboxing is done with a set of technologies, including:
        • cgroups
        • namespaces
        • selinux
        • kdbus
        • wayland (because X11 is inherently insecure)

        In particular, kdbus is very important as it allows us to have an efficient, very expressive IPC mechanism with access-validation by the kernel.
        https://wiki.gnome.org/Projects/SandboxedApps

        Can't wait for the first people in this thread complaining that this is Linux-only technology.
        Last edited by MoonMoon; 12-17-2015, 05:39 PM.

        • #5
          Originally posted by karolherbst
          seriously?
          Sorry, was supposed to say *not* only for GNOME... Fixed now.

          • #6
            Originally posted by MoonMoon

            https://wiki.gnome.org/Projects/SandboxedApps

            Can't wait for the first people in this thread complaining that this is Linux-only technology.
            sandboxing is optional for xdg-app

            • #7
              kdbus is not necessary for xdg-app sandboxing, we have a user-space dbus filtering mechanism. It introduces another level of indirection for dbus, so a kernel bus would be nice though.

              But yeah, it uses other things that are definitely linux-only.

              • #8
                Originally posted by alexl42
                kdbus is not necessary for xdg-app sandboxing, we have a user-space dbus filtering mechanism. It introduces another level of indirection for dbus, so a kernel bus would be nice though.

                But yeah, it uses other things that are definitely linux-only.
                Hi alexl42, I want to say thank you very much for the great work you've been doing for Linux.
                Did you really just create an account only to answer the whining complainers that hang out in these forums?

                • #9
                  Originally posted by jntesteves

                  Hi alexl42, I want to say thank you very much for the great work you've been doing for Linux.
                  Did you really just create an account only to answer the whining complainers that hang out in these forums?
                  Thanks.

                  Yeah, I have high hopes for kdbus, but it seems it'll be a while before it will be there, so I just want to ensure xdg-app doesn't get struck with the idea that it has to wait for kdbus before it's useful. So, need to take care of the whiners...
