Enviado desde mi iPhone
El 19 jul 2017, a las 0:55, Patrick Griffis
<tingping(a)tingping.se> escribió:
Correct me if I am wrong but Snap has other limitations too such as no sandboxing on
Fedora, no ability to add multiple remote repositories, limited desktop integration
compared to Flatpaks Portals.
It is true we cannot rely on apparmor and SElinux support is only a possibility that
nobody is hacking on at the moment. On Fedora we still have the same seccomp snadboxing
and a few related mechanisms, such as udev tagging of devices, device cgroup and a dbus
xml configs. Apparmor may soon be stackable under SElinux (and vice versa I hear) so we
may get the same confinement as on pure apparmor distributions. Ideally someone would step
up and work on full blown SElinux support but that is a large task that nobody has
attempted yet.
Multiple repositories are a design decision that shifts the complexity and decisions away
from the edge. A device points to one repository that in turn may aggregate and filter any
number of repositories. This is already used in the field by various snap-based products.
As for desktop support I think we are only off on theming but that is benign pursued.
Snaps are not opinionated on existing software like flatpaks are. You can put gcc or
apache into a snap and it will work fine. It won't needs to use portals. You can also
put gnome apps in a snap and they can choose to use portals or can work the old way,
without any trusted helpers that mediate access and act as file pickers. I believe Ubuntu
desktop developers are working on integrating portals with snappy interfaces (so that they
can be used by apps that understand them). If tomorrow there is another portal or another
portal like thing that is all he same for snapd. It is just another interface.
Let me know if you have any questions. I'm eager to spread the knowledge and help
everyone understand how snaps work.
Best regards
ZK
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org