The First Fully-Sandboxed Linux Desktop App Is...

Written by Michael Larabel in GNOME on 17 February 2015 at 08:53 AM EST. 10 Comments
GNOME
The GNOME-aligned open-source crew working on sandboxing Linux applications has made progress and they do have their first application sandboxed.

GNOME has been working on sandboxing Linux applications using Wayland (for better security over X11), KDBUS for IPC, SELinux, cgroups, etc. A goal has been to have a preliminary test version of the sandboxing technology ready for GNOME 3.16.

Alexander Larsson has written a blog post this morning about the first fully sandboxed Linux desktop app. This first desktop app is... the open-source Neverball. Neverball is the ball-rolling puzzle game. This title was chosen first for sandboxing for being a simple application and the game having very little interaction with the rest of the system.

The sandbox is independent of the host distribution, has no access to system/user files aside from the runtime and application itself, has no hardware access besides DRI for OpenGL rendering, has no network access, cannot access other system processes, only obtains input via Wayland, can only supply audio to PulseAudio, etc.


Read more via Larsson's blog post and check out his sandbox demo video above.
10 Comments
Related News
GNOME's €1M Funding Is Help Advance Work On systemd-homed Home Encryption
GTK 4.14 Adding Graphics Offloading Capabilities Under Wayland
GNOME Terminal Working To Migrate To GTK 4, VTE To Overcome 40 FPS Cap
Experimental Zero-Copy Support For Nouveau With GNOME Mutter
More Optimizations Made For Making GNOME/VTE Terminals Go Faster
GNOME Foundation Names A New Executive Director
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
64-bit ARM Linux Kernel Against CPU-Specific Optimizations: "Pretty Unmaintainable"
Firefox 120 Ready With Global Privacy Control, WebAssembly GC On By Default
The Linux Kernel Preparing To Drop Infrastructure For Old & Obsolete Graphics Drivers
Firefox 121 Is Looking Good For Having Wayland Enabled By Default
Debian's MIPS64EL CPU Port Is At Risk Due To Declining Hardware Access
LACT Is The Newest AMD Radeon GUI Control Panel For Linux
Lenovo Prepares The Linux Kernel For "Ultra-Performance Capability" On Latest ThinkPads
KDE Is Down To Just One Wayland Showstopper Bug Remaining