GNOME Makes Progress On Sandboxed Applications
![GNOME](/assets/categories/gnome.webp)
Matthias Clasen wrote a lengthy blog post tonight detailing the sandboxed applications for GNOME. The goal of sandboxed applications is to make it easy for third-parties to distribute applications that work on multiple distributions, give the applications as little access as possible to the host system, and to also make it easier to write applications.
Red Hat and GNOME developers have quietly been working on their sandboxed applications implementation and they hope to have an initial test version ready for GNOME 3.16, including integration with the GNOME Software app installer.
The sandboxed apps are built atop Linux cgroups, Linux namespaces, SELinux, KDBUS, and Wayland for providing good support. Wayland is depended upon for these sandboxed apps over X11 simply due to the X.Org/X11 Server security concerns and it being inherently insecure. KDBUS is used as the IPC mechanism.
Those wishing to learn more about GNOME's sandboxed apps work can see Clasen's blog post and the SandboxedApps Wiki page for all of the important details.
11 Comments