 FWIW this is what flatpak does, it has pretty good sandboxing using linux kernel namespaces, not as perfect as qubes with its hardware VMs but that comes at a steep performance cost 
 I didn't know that about flatpak, I'll have to give it another look. 
 some of the other app distribution systems for linux also do sandboxing, at the least snap and steam (but i'm less familiar with how they do it, probably similar)

it's especially great for browsers as they are the most common target for remote exploits nowadays, and that's one reason for Ubuntu's decision to only ship firefox as a snap nowadays 
 Wasn't a fan of snap, seemed like yet another package manager, but that makes a lot more sense now. It'd be great if the main package manager had it too, because that could have a lot of value for a distro. 
 i agree

though i find a basic debian stable install + flatpak for all GUI applications works pretty well
also means you can have the newest versions, instead of whatever trickled through debian 😀 

but yes having it integrated would make sense, it's just that the usual way of installing applications for linux is to throw files all over the file system, which makes them nigh impossible to confine, and there's a lot of inertia in changing something like apt
 
 I've never wanted anything more than apps to keep all of their crap local. So if I wanted to remove an app I could just 'rm -rf app/' and it would be gone without a trace. 

I currently do as much as I can tolerate from source, or signed tarballs, and use Taskfile.dev to create scripts to perform updates and compile so I can keep as much data local as possible, but that's TUI apps not desktop stuff.  
 yes there is no strong reason why it needs to be that way, it's just a UNIX convention 
if you build from source you can install wherever 😀 

also some distros, like guix automatically install every package to a unique new directory then symlinks the binaries and libs when needed, it doesn't do any sandboxing though!

the other main practical difficulty in sandboxing is access to shared directories, like the home directory, if applications have unrestricted access there it still doesn't help much
flatpak has so-called portals https://docs.flatpak.org/en/latest/portal-api-reference.html to give the user ability to give conditional specific access only when needed
eg the file browser will only give a capability that gives access to the specific file selected, not everything
but every application needs to have specific support for this... so that's a lot of work
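An added example to go with the points above about home-directory access and portals (it is not code from the thread or from the Flatpak project): a small audit script that parses the static permission grants in a Flatpak app's metadata key file and flags the broad ones that defeat the sandbox, such as `filesystems=home`/`host`, `sockets=x11` or `session-bus`, and `devices=all`. The `[Context]` group and `;`-separated keys are the format `flatpak info --show-permissions <app-id>` prints; the two metadata samples are constructed, and the list of what counts as "broad" is this example's judgement rather than Flatpak policy.

```python
"""Audit static Flatpak permission grants from an app's metadata key file.

Added example, not part of the original thread or of Flatpak itself.
Both metadata samples below are constructed for illustration.
"""
import configparser

# Constructed: a typical over-permissioned app (full read-write home access,
# X11 and unfiltered session-bus access).
BROAD_METADATA = """\
[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;session-bus;
devices=dri;
filesystems=home;xdg-download:ro;/run/media;
"""

# Constructed: the same app with home access dropped so file access goes
# through the document portal (the file chooser hands out one file at a time).
PORTAL_METADATA = """\
[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;
devices=dri;
filesystems=xdg-download:ro;
"""

# Grants this example treats as broad (assumption, not Flatpak's own policy):
# - home/host* filesystems expose most or all user data to the app
# - x11 has no isolation between clients; session-bus is unfiltered D-Bus
# - devices=all exposes every device node
BROAD_FILESYSTEMS = {"home", "host", "host-os", "host-etc"}
BROAD_SOCKETS = {"x11", "session-bus", "system-bus"}
BROAD_DEVICES = {"all"}


def parse_metadata(text):
    """Return the [Context] grants as lists: shared, sockets, devices, filesystems."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    ctx = cp["Context"] if cp.has_section("Context") else {}

    def split(key):
        # Values are ';'-separated with a trailing ';', so drop empty items.
        return [v for v in ctx.get(key, "").split(";") if v]

    return {k: split(k) for k in ("shared", "sockets", "devices", "filesystems")}


def audit(perms):
    """Return a list of human-readable findings for broad grants."""
    findings = []
    for fs in perms["filesystems"]:
        # A filesystem entry may carry a ':ro' or ':create' suffix.
        path, _, mode = fs.partition(":")
        if path in BROAD_FILESYSTEMS:
            access = "read-only" if mode == "ro" else "read-write"
            findings.append(f"filesystem '{fs}': broad {access} access")
    for sock in perms["sockets"]:
        if sock in BROAD_SOCKETS:
            findings.append(f"socket '{sock}': escapes sandbox isolation")
    for dev in perms["devices"]:
        if dev in BROAD_DEVICES:
            findings.append(f"device '{dev}': all device nodes exposed")
    return findings


def audit_text(text):
    """Convenience wrapper: metadata text in, findings out."""
    return audit(parse_metadata(text))


if __name__ == "__main__":
    for label, text in (("broad", BROAD_METADATA), ("portal", PORTAL_METADATA)):
        print(f"== {label} ==")
        for finding in audit_text(text) or ["no broad grants"]:
            print("  " + finding)
```

On a real system the same grants can be read with `flatpak info --show-permissions <app-id>` and tightened without rebuilding the app, for example `flatpak override --user --nofilesystem=home <app-id>`; the script is only the offline check that tells you which grants to look at first.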
 
 I've heard similar for Windows APPX packages. The docs on this seem pretty incomplete on this though