The First Fully-Sandboxed Linux Desktop App Is...

Written by Michael Larabel in GNOME on 17 February 2015 at 08:53 AM EST. 10 Comments
The GNOME-aligned open-source crew working on sandboxing Linux applications has made progress and they do have their first application sandboxed.

GNOME has been working on sandboxing Linux applications using Wayland (for better security over X11), KDBUS for IPC, SELinux, cgroups, etc. A goal has been to have a preliminary test version of the sandboxing technology ready for GNOME 3.16.

Alexander Larsson has written a blog post this morning about the first fully sandboxed Linux desktop app. This first desktop app is... the open-source Neverball. Neverball is the ball-rolling puzzle game. This title was chosen first for sandboxing for being a simple application and the game having very little interaction with the rest of the system.

The sandbox is independent of the host distribution, has no access to system/user files aside from the runtime and application itself, has no hardware access besides DRI for OpenGL rendering, has no network access, cannot access other system processes, only obtains input via Wayland, can only supply audio to PulseAudio, etc.

Read more via Larsson's blog post and check out his sandbox demo video above.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week