LibreOffice Is Now One Of The First Major Linux Desktop Apps With A Flatpak

  • zanny
    replied
    Originally posted by RahulSundaram

    Sure but AppArmor is distro specific.
    Only insofar as Red Hat doesn't make it available in their kernel. It comes stock in SUSE and Ubuntu and you can get AppArmor kernels / profiles third party on Debian / Arch.

    I can easily see a market for AppArmor -> SELinux profile conversion so we can standardize on one MAC archive format, that software can distribute upstream and have packaged accordingly.



  • RahulSundaram
    replied
    Originally posted by zanny

    AppArmor profiles distributed in packages are effective sandboxing.
    You can argue semantics but either is a path to isolation.
    Sure but AppArmor is distro specific.



  • zanny
    replied
    Originally posted by RahulSundaram

    Distro package managers have no sandboxing and they are distro specific.
    AppArmor profiles distributed in packages are effective sandboxing. At least, they almost are; they only restrict file access when they should be restricting more generally discrete device access (which would include network, input, cameras, etc).

    AppArmor at least to my knowledge does have network permissions. Of course, it is an alternative avenue to the goal from what something like Docker does - in one direction you take the free-for-all permissions of Unix and try to restrict them more, in the other you isolate everything and add back in access.

    You can argue semantics but either is a path to isolation.



  • RahulSundaram
    replied
    Originally posted by cj.wijtmans
    Is it possible to run flatpak apps inside flatpak sandboxed apps? Steam could use something like Docker also.
    Flatpak has runtime and apps separate for this purpose.



  • RahulSundaram
    replied
    Originally posted by cj.wijtmans
    Does it have 1 or 2 pms? Now that I think about it you need two. One for the sandboxed apps and one that manages system tools and libraries. Otherwise htop for example would not work sandboxed.
    It would work fine with the appropriate access control, syscall filtering, etc. Sandboxing is an optional feature.



  • cj.wijtmans
    replied
    Is it possible to run flatpak apps inside flatpak sandboxed apps? Steam could use something like Docker also.



  • cj.wijtmans
    replied
    Originally posted by higuita

    Not directly flatpak, but RancherOS is a PID 1 Docker, where ALL apps run inside Docker containers, so each app can be isolated from the next one.

    My main issue with flatpak is coming from GNOME devs... I don't trust them, as I don't trust systemd, PulseAudio devs... Every time I see something coming from Oracle, Red Hat, Apple or Microsoft, I step back and try to see the bigger picture... not that everything they do is bad, but they fucked up the final user several times already to improve their business, so I don't trust them
    Does it have 1 or 2 pms? Now that I think about it you need two. One for the sandboxed apps and one that manages system tools and libraries. Otherwise htop for example would not work sandboxed.



  • RahulSundaram
    replied
    Originally posted by higuita

    Not directly flatpak, but RancherOS is a PID 1 Docker, where ALL apps run inside Docker containers, so each app can be isolated from the next one.

    My main issue with flatpak is coming from GNOME devs... I don't trust them, as I don't trust systemd, PulseAudio devs... Every time I see something coming from Oracle, Red Hat, Apple or Microsoft, I step back and try to see the bigger picture... not that everything they do is bad, but they fucked up the final user several times already to improve their business, so I don't trust them
    How are you running the Linux kernel then? It is driven primarily by commercial organizations these days.



  • RahulSundaram
    replied
    Originally posted by cj.wijtmans
    They both sandbox apps.
    Many, many different operating systems have sandboxing. It isn't something Android specific and flatpak sandboxing doesn't work like Android at all.



  • higuita
    replied
    Originally posted by cj.wijtmans
    Why not make flatpackOS while you are at it?
    Not directly flatpak, but RancherOS is a PID 1 Docker, where ALL apps run inside Docker containers, so each app can be isolated from the next one.

    My main issue with flatpak is coming from GNOME devs... I don't trust them, as I don't trust systemd, PulseAudio devs... Every time I see something coming from Oracle, Red Hat, Apple or Microsoft, I step back and try to see the bigger picture... not that everything they do is bad, but they fucked up the final user several times already to improve their business, so I don't trust them

