LibreOffice Is Now One Of The First Major Linux Desktop Apps With A Flatpak

  • #21
    Originally posted by cj.wijtmans
    Does it have 1 or 2 pms? Now that I think about it you need two. One for the sandboxed apps and one that manages system tools and libraries. Otherwise htop for example would not work sandboxed.
    It would work fine with the appropriate access control, syscall filtering, etc. Sandboxing is an optional feature.


    • #22
      Originally posted by cj.wijtmans
      Is it possible to run flatpak apps inside flatpak sandboxed apps? Steam could use something like docker also.
      Flatpak has runtime and apps separate for this purpose.


      • #23
        Originally posted by RahulSundaram

        Distro package managers have no sandboxing and they are distro specific.
        Apparmor profiles distributed in packages are effective sandboxing. At least, they almost are, they only restrict file access when they should be restricting more generally discrete device access (which would include network, input, cameras, etc).

        Apparmor at least to my knowledge does have network permissions. Of course, it is an alternative avenue to the goal from what something like Docker does - in one direction you take the free for all permissions of Unix and try to restrict them more, in the other you isolate everything and add back in access.

        You can argue semantics but either is a path to isolation.


        • #24
          Originally posted by zanny

          Apparmor profiles distributed in packages are effective sandboxing.
          You can argue semantics but either is a path to isolation.
          Sure but Apparmor is distro specific.


          • #25
            Originally posted by RahulSundaram

            Sure but Apparmor is distro specific.
            Only insofar as Red Hat doesn't make it available in their kernel. It comes stock in Suse and Ubuntu and you can get Apparmor kernels / profiles third party on Debian / Arch.

            I can easily see a market for Apparmor -> SELinux profile conversion so we can standardize on one MAC archive format, that software can distribute upstream and have packaged accordingly.


            • #26
              Flatpak reads like OS X app bundles, but extending it to third party operating systems.


              • #27
                Originally posted by zanny

                Only insofar as Red Hat doesn't make it available in their kernel. It comes stock in Suse and Ubuntu and you can get Apparmor kernels / profiles third party on Debian / Arch.

                I can easily see a market for Apparmor -> SELinux profile conversion so we can standardize on one MAC archive format, that software can distribute upstream and have packaged accordingly.
                LSMs cannot be stacked one on top of another easily. This is a fundamental problem. There are hundreds of distros out there that apparmor will not work for and it is not the right layer for the features that flatpak exposes.


                • #28
                  Originally posted by zanny

                  Only insofar as Red Hat doesn't make it available in their kernel. It comes stock in Suse and Ubuntu and you can get Apparmor kernels / profiles third party on Debian / Arch.

                  I can easily see a market for Apparmor -> SELinux profile conversion so we can standardize on one MAC archive format, that software can distribute upstream and have packaged accordingly.
                  Apparmor isn't supported by so many distros. If you see a market for it, do it and show how it is done.


                  • #29
                    All this complaining about making Linux more accessible... no wonder we've been stuck at 1% of the market for decades.


                    • #30
                      Originally posted by higuita

                      not directly flatpak, but rancherOS is a pid 1 docker, where ALL apps run inside docker containers, so each app can be isolated from the next one.

                      My main issue with flatpak is coming from gnome devs... I don't trust them, as I don't trust systemd, pulseaudio devs... Every time I see something coming from oracle, redhat, apple or microsoft, I step back and try to see the bigger picture... not that everything they do is bad, but they fucked up the final user several times already to improve their business, so I don't trust them
                      This won't change your mind but RH, "the company", gave no directives to the gnome folks. Believe me, I WISH they had. I WISH more of upper management had an interest in GNOME so that Fedora could actually be given the mandate to fix some of the odd ux choices in GNOME.
                      JMO but viewing companies as discrete entities that have long lasting desires isn't, generally, a great idea unless you have some good reason to think otherwise. Individuals, on the other hand, sure, go to town.
