On Mon, Jul 17, 2017 at 12:03:13PM +0200, Michael Stahl wrote:
On 16.07.2017 12:54, Richard W.M. Jones wrote:
> On Fri, Jul 14, 2017 at 04:59:37PM +0000, Debarshi Ray wrote:
>> On Fri, Jul 14, 2017 at 09:44:18AM +0100, Richard W.M. Jones wrote:
>>>
>>> If RPMs of the graphical application work fine now, what on earth is
>>> the point of forcing packagers to make Flatpaks? Sandboxing isn't one
>>> of them - as already explained, sandboxing is orthogonal to packaging.
>>
>> Huh? How would you get sandboxing without Flatpaks? Unless you are
>> proposing a different sandboxing technology.
>
> Things like libvirt-sandbox have been around for a really long time
> and don't require special packaging (in fact they work with any
> arbitrary command).
reading between the lines of the fine documentation, there is no mention
of X11 or GUI applications, so i guess "arbitrary" is a bit of an
exaggeration?
It seems like it's not mentioned in the docs, but it does work as in
this example of running evince to view a suspect PDF file:
https://honk.sigxcpu.org/con/More_sandboxing.html
BTW libvirt sandbox allows either full-virt or container sandboxing.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/