Systemd Blasts Ahead With A Record Number Of Commits In 2021

  • Systemd Blasts Ahead With A Record Number Of Commits In 2021

    Phoronix: Systemd Blasts Ahead With A Record Number Of Commits In 2021

    With the continuously growing set of features and functionality provided by systemd, this year saw the project hitting record growth in terms of commit activity that easily surpassed prior years. Surprisingly, Lennart Poettering dropped from his spot as the one responsible for the most commits each year...

  • #2
    Cool, but I wonder when will they work on adding some privacy / security features like running programs in containers and ask for permission when they try to access the home partition or input devices like webcam and mike?
    Restricting access to home partition and other areas from a Linux filesystem is already possible for services.
    Maybe they could extend that a bit.
    Some kind of sandboxing would be very beneficial to security.



    • #3
      Originally posted by Danny3
      Cool, but I wonder when will they work on adding some privacy / security features like running programs in containers and ask for permission when they try to access the home partition or input devices like webcam and mike?
      Restricting access to home partition and other areas from a Linux filesystem is already possible for services.
      Maybe they could extend that a bit.
      Some kind of sandboxing would be very beneficial to security.
      I believe you should be using Flatpak if you want sandboxing for desktop applications



      • #4
        Originally posted by Danny3
        Cool, but I wonder when will they work on adding some privacy / security features like running programs in containers and ask for permission when they try to access the home partition or input devices like webcam and mike?
        Restricting access to home partition and other areas from a Linux filesystem is already possible for services.
        Maybe they could extend that a bit.
        Some kind of sandboxing would be very beneficial to security.
        I often see people looking for a missing feature which is already solved somewhere else. Something like 'fragmentation' on Linux makes people want a universal package manager. Like dude, there's Flatpak. But you know, people don't want to take that as a solution, almost like those people just want to whine for the sake of it.



        • #5
          Originally posted by frytaped

          I believe you should be using Flatpak if you want sandboxing for desktop applications
          Last time I tried Flatpak, almost a year ago, it sandboxed stuff so well that I couldn't get my printer or controllers working. That may or may not be better. I don't feel like finding out.

          It doesn't help that there's both Snap and Flatpak...and AppImage, but it's not really about sandboxing. Point is, we're already at XKCD Competing Standards so we might as well have a third...fourth...option based around systemd. Maybe that option will get Ubuntu to drop Snaps. Maybe that option will be systemd "simply" inheriting Flatpak. I dunno the best solution, I just know the current status quo where it's the Wild West of Sandbox Solutions won't last and that a systemd-based option would be the most universal and used option...sorry not sorry, the 17 people on Linux not using systemd don't matter...



          • #6
            The number one Watanabe-san



            • #7
              Originally posted by Danny3
              Cool, but I wonder when will they work on adding some privacy / security features like running programs in containers and ask for permission when they try to access the home partition or input devices like webcam and mike?
              Restricting access to home partition and other areas from a Linux filesystem is already possible for services.
              Maybe they could extend that a bit.
              Some kind of sandboxing would be very beneficial to security.
              I like the way Android works for that, apps request permissions when you run them and you either grant them or not, it's simple enough.
              I wish we had the same with our distributions.
              Others have mentioned Flatpak for your use case, but why not Firejail instead?



              • #8
                Originally posted by geearf

                I like the way Android works for that, apps request permissions when you run them and you either grant them or not, it's simple enough.
                I wish we had the same with our distributions.
                Others have mentioned Flatpak for your use case, but why not Firejail instead?
                Yes, I like Android's system too, it also works very well with application firewalls like AFWall+
                As for Flatpak's sandbox, I saw it only once after I spent more than 2 days to figure out why I cannot move or split the games library to another drive on flatpaked Steam client.
                There was no hint, no warning, no pop-up window asking for permission.
                Really bad experience!

                I tried to use Firejail, but from what I've understood it requires profiles and that seems to take too much time for someone who is new to it.



                • #9
                  Originally posted by geearf
                  I like the way Android works for that, apps request permissions when you run them and you either grant them or not, it's simple enough.
                  I wish we had the same with our distributions.
                  That's what Flatpak does, apps just need to use Portals, it is done. Many apps still don't use Portals, though. The ecosystem is going through the same migration Android had to go through and even Android hasn't completed their migration to the new permissions yet, they still need to support their legacy permissions. Unfortunately that's something that will take many years, app developers are a notoriously stubborn bunch.

                  Originally posted by geearf
                  Others have mentioned Flatpak for your use case, but why not Firejail instead?
                  Because Flatpak is by far the superior solution.



                  • #10
                    Originally posted by jntesteves

                    That's what Flatpak does, apps just need to use Portals, it is done. Many apps still don't use Portals, though. The ecosystem is going through the same migration Android had to go through and even Android hasn't completed their migration to the new permissions yet, they still need to support their legacy permissions. Unfortunately that's something that will take many years, app developers are a notoriously stubborn bunch.



                    Because Flatpak is by far the superior solution.
                    Can I use that Flatpak isolation with apps from my distribution's repo or does it need to be all from Flatpak?
                    How is Flatpak superior?
