Systemd's Plan For Stateless Systems, Factory Resets


  • #11
    Originally posted by interested
    Looking into the crystal ball, the future seems to be that there will be two kinds of "apps": the normal ones as we know them, in the form of an rpm or deb package, and "sand boxed" apps that are developed via a special SDK and run in an environment that is totally independent of the underlying OS
    at least how i get it, i think there is no need for special SDK. making package would be the matter of build tools, where you specify target aka. "i want to run this on everything up from CentOS 5". build tools should simply make the package that will contain all the libraries needed to run on desired targets. no matter if you'll run it on distro that would already supply most of required ones.

    as far as SDK for sandboxing goes, again there should be no need for that. that is a matter of the sandbox itself, not your application. you need port 34534 for example, your socket code is just as usual, no difference. but, unless you specified sandbox to open it for you, sandbox simply won't allow it to pass through. besides security, it also gives great overview of what application will do before it can do it. unlike half assed sandboxing in android for example

    not all applications would make sense to deploy like that, hell... i love package distribution. but for a lot... it's a way to go. it's also a way to get commercial development on board since targets are not restricted to singular distribution and you can provide long term support without the need to patch it every week just because some OSS project changed. not to mention the flaw of package management, usually you get constricted to specified version of app for whole life time of that distro, where installing newer can be rather painful experience.



    • #12
      Originally posted by NotMine999
      The above comment makes me reflect on the difference between Phoronix forums and /. forums....one of them is owned by DICE.
      if that was any other topic, aka. not systemd. i'd agree in a heartbeat. in systemd news, phoronix sometimes feels even more amusing than hardest /. troll fest

      Originally posted by atari314
      Just wait and watch all these peasants go ahead and die defending it...
      what is there to defend against? poster is obviously still in 1985 and way too scared to proceed to reality
      Last edited by justmy2cents; 17 June 2014, 04:25 PM.



      • #13
        Originally posted by justmy2cents
        at least how i get it, i think there is no need for special SDK. making package would be the matter of build tools, where you specify target aka. "i want to run this on everything up from CentOS 5". build tools should simply make the package that will contain all the libraries needed to run on desired targets. no matter if you'll run it on distro that would already supply most of required ones.

        as far as SDK for sandboxing goes, again there should be no need for that. that is a matter of the sandbox itself, not your application. you need port 34534 for example, your socket code is just as usual, no difference. but, unless you specified sandbox to open it for you, sandbox simply won't allow it to pass through. besides security, it also gives great overview of what application will do before it can do it. unlike half assed sandboxing in android for example

        not all applications would make sense to deploy like that, hell... i love package distribution. but for a lot... it's a way to go. it's also a way to get commercial development on board since targets are not restricted to singular distribution and you can provide long term support without the need to patch it every week just because some OSS project changed. not to mention the flaw of package management, usually you get constricted to specified version of app for whole life time of that distro, where installing newer can be rather painful experience.
        As I understand it, the application container would be built against a certain profile, which determines which libraries are bundled up with the container. The sandboxing would be handled by the kernel via kdbus, cgroups etc. Just having a single portable app container file format for userspace applications would already be immensely helpful for Linux. There would be no need for developers to think about how they'll publish their software (package it as a deb or rpm? Or just a source tarball and hope some maintainer packages it for distro x?) They'd just make the container and can be sure it runs on every Linux distro the same way it does on his development machine. Applications would never break the system through shared library updates. You could easily mix old and new software and rollback to previous versions, without downgrading a lot of other stuff as well.



        • #14
          Originally posted by justmy2cents
          at least how i get it, i think there is no need for special SDK. making package would be the matter of build tools, where you specify target aka. "i want to run this on everything up from CentOS 5". build tools should simply make the package that will contain all the libraries needed to run on desired targets. no matter if you'll run it on distro that would already supply most of required ones.
          There are several kinds of sand boxing when it comes to systemd. The present one relies on "kernel capabilities" and "cgroup" and is good for protecting services; you can lock down services so even if the "http" daemon is compromised, the attacker can't get privilege escalation, even by executing arbitrary code. Or prevent an attacked daemon from fork-bombing or hogging IO or CPU time. It can also prevent a compromised daemon from reading certain directories, even if it manages to execute code with system wide rights (root) etc.

          The other kind of sand boxing isn't implemented yet. It will require kdbus and "Portals" (similar to Android's "Intents", http://www.phoronix.com/scan.php?pag...tem&px=MTI5NDQ).

          It will probably have a special SDK, so developers can target that instead of the underlying OS.
          The thinking is, that this allows app developers to potentially target all Linux distros at the same time, and will be a tremendous boost for Linux based phones and tablets.

          A problem nowadays is that Linux has a small desktop userbase, and even that base is fragmented into countless variations. This makes it hard to convince e.g. the local Metro train company, or bank to develop a Linux app, and if they do, they tend to only target large userbase Linux distros like Fedora or Ubuntu.
          A stable SDK and API that potentially works across all Linux distros will make it much more attractive for third party developers.

          This kind of sandboxing will of course also be of great use for normal programs: as it is now, a browser can read/write everywhere the user can, even do it without user permission too. This is bad when a browser gets compromised, since it can steal information or plant a trojan or similar.
          When sandboxed the browser may be limited to certain directories and if it wants to read a file, it doesn't do it directly, but will have to ask the "Portal" to fetch it, ensuring that the user can give it permission or deny the request.

          Comment
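
An added example, not part of the thread and not systemd's own code: a small Python check that reads a unit file and reports which of the protections described in post #14 (no privilege escalation, no fork-bombing or resource hogging, restricted directory access) its `[Service]` section actually turns on. The directive names are those of current systemd; the sample unit, the grouping and the name `audit_unit` are assumptions made for illustration.

```python
import configparser

# Constructed sample unit for a hypothetical web server (not from the thread).
SAMPLE_UNIT = """\
[Unit]
Description=Example web server (constructed sample)

[Service]
ExecStart=/usr/sbin/httpd -DFOREGROUND
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
TasksMax=256
CPUQuota=50%
ProtectHome=yes
"""

# Current systemd directive names, grouped by the protections the post lists.
CHECKS = {
    "privilege escalation": ("NoNewPrivileges", "CapabilityBoundingSet"),
    "fork bombs, CPU and IO hogging": ("TasksMax", "CPUQuota", "IOWeight"),
    "directory access": ("ProtectHome", "ProtectSystem", "InaccessiblePaths"),
}
# An empty value is not listed: "CapabilityBoundingSet=" drops every capability.
DISABLED = {"no", "false", "off", "0"}


def audit_unit(text):
    """Map each protection to the directives [Service] leaves unset or disabled."""
    parser = configparser.ConfigParser(
        interpolation=None,   # "%" is literal in unit files (CPUQuota=50%)
        strict=False,         # units may repeat a key, e.g. ExecStartPre=
        delimiters=("=",),
    )
    parser.optionxform = str  # keep directive names case-sensitive
    parser.read_string(text)
    service = dict(parser["Service"]) if parser.has_section("Service") else {}
    return {
        protection: [d for d in directives
                     if service.get(d, "no").strip().lower() in DISABLED]
        for protection, directives in CHECKS.items()
    }


if __name__ == "__main__":
    for protection, missing in audit_unit(SAMPLE_UNIT).items():
        print(f"{protection}: {'ok' if not missing else 'missing ' + ', '.join(missing)}")
```

A directive being present only shows the protection was requested; `systemd-analyze security <unit>` gives systemd's own assessment of a loaded unit.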


          • #15
            Originally posted by johnc
            It's amazing how awful Linux has become. It's like Linus has totally phoned it in and is off on perpetual scuba diving vacations.
            Don't forget that Linus himself is part of the "Linux Plumbers" initiative that ultimately resulted in systemd. Anyone who has followed Linus on LKML knows that he cares about one thing: that Linux can solve real world problems for as many people/user cases as possible, and doing it in a way he finds correct, not what fashion or dogmas dictate. You could call that the "Linux Philosophy".

            If Linus disagrees with the way the "UNIX way" or "POSIX" conflicts with the "Linux Philosophy", he will ignore them.

            The end result is that Linux is a thriving ecosystem with lots of developers and end users, from embedded systems, to servers and desktops, to huge super computers and massive clusters.

            Other UNIX systems have stagnated and disappeared in the meantime, because they didn't keep up.

            systemd solves real world problems, and is an important part in why Linux can stay relevant in the future. You may not like systemd and prefer to live in a 1994 time-freeze where no development takes place and no new ideas are implemented so you can avoid learning anything new. But the rest of the world, including Linus Torvalds, wants to move on.



            • #16
              Originally posted by prodigy_
              I acknowledge that I was wrong. They don't want to turn Linux into Windows. They want to turn it into iOS.
              That's much worse



              • #17
                Originally posted by johnc
                It's amazing how awful Linux has become. It's like Linus has totally phoned it in and is off on perpetual scuba diving vacations.
                trollc, I have some spare Slackware 10 CDs, I can send it to you to play with. In the meantime me and other sane Linux developers/users will embrace each new tech, that makes our OS the best in our eyes.



                • #18
                  d best!..

                  Originally posted by interested
                  systemd solves real world problems, and is an important part in why Linux can stay relevant in the future. You may not like systemd and prefer to live in a 1994 time-freeze where no development takes place and no new ideas are implemented so you can avoid learning anything new. But the rest of the world, including Linus Torvalds, wants to move on.
                  THIS!..
                  Systemd has already helped all of mankind evolve light-years ahead where we were before it..

                  Why would so many people hate systemd?.. Are you guys serious or just having fun trolling?.. Yes, I know trolling can be fun for a while..
                  You can't really expect me to believe that a piece of poop like sys-v or upstart is more advanced than systemd, can you?.. Even Canonical finally decided that systemd is the best! So what does that tell you?..

                  Anyway, whether you people are serious or not, systemd is what has been decided is best in every single conceivable aspect.. And it just keeps getting bigger and bigger!......oops, I mean better and better!..
                  So...me, Linus, and systemd will be waiting for you in the future...if you ever make it there...good luck, dude...



                  • #19
                    Daily reminder Prodigy is a disgusting Microsoft rapist paid to troll systemd threads.



                    • #20
                      I truly hope all the systemd trolls are just trolling for fun, because it must be such a pathetic existence to actually believe the random shit they say on systemd topics.
