Atomic workstation

Colin Walters walters at verbum.org
Wed Dec 3 23:04:20 UTC 2014


On Wed, Dec 3, 2014, at 05:00 PM, Josh Boyer wrote:

> I don't really know, I thought about all of this for like 30 seconds.

I've spent a bit longer myself...after I joined
Red Hat in 2004, I looked at using SELinux for this:
http://selinuxsymposium.org/2005/presentations/session3/3-1-walters.pdf

Later Dan Walsh made sandbox-x:
https://www.redhat.com/promo/summit/2010/presentations/summit/whats-next/thurs/dwalsh-2-gpa/GrandfathersSELinux.pdf

But neither really started to make any of the changes necessary in the
toolkit, for issues like the MIME database or inter-app IPC.

The topic has come up at GUADEC again more recently via the KDBus
effort, which will help with a more secure IPC channel for everything
besides Wayland.  But that's only a foundational infrastructure piece
for the changes that would be needed in the toolkit and apps.

> Aren't containers supposed to be the magic solution these days?  

Server apps tend to be designed to be distributed, and run by operations
people who can understand the setup.  Desktop apps, not so much. 

QubesOS doesn't try - you have to make isolated desktops manually.

> I wasn't expecting it to work without effort, but I also wasn't
> expecting "no that can't be done" to be the answer either.

It's somewhere between those extremes, but it is a *lot* of work.
Probably someone should make a wiki page with links to the
different efforts.


