|First fully sandboxed Linux desktop application|
|By Thom Holwerda on 2015-02-17 21:37:27|
It's not a secret that I've been working on sandboxed desktop applications recently. In fact, I recently gave a talk at devconf.cz about it. However, up until now I've mainly been focusing on the bundling and deployment aspects of the problem. I've been running applications in their own environment, but having pretty open access to the system.
Now that the basics are working it's time to start looking at how to create a real sandbox. This is going to require a lot of changes to the Linux stack. For instance, we have to use Wayland instead of X11, because X11 is impossible to secure. We also need to use kdbus to allow desktop integration that is properly filtered at the kernel level.
- A broad overview of how modern Linux systems boot - 2018-06-18
- C gfx library for the Linux framebuffer with parallelism support - 2018-06-18
- The real power of Linux executables - 2018-05-31
- There's real reasons for Linux to replace ifconfig, netstat, et al. - 2018-05-25
- More related articles