Atomic workstation
Matthew Miller
mattdm at fedoraproject.org
Thu Dec 4 23:25:06 UTC 2014
On Thu, Dec 04, 2014 at 05:10:32AM -0500, Daniel J Walsh wrote:
> As I found when I wrote the SELinux Sandbox. The Linux Desktop is a
> "cess pool" of communication and attempting to sandbox apps will have
> unexpected consequences.
But we don't have to start with the muck at the bottom. :) We can
containerize the things that are easy and decompose the things which
aren't as easy and ship, still ship them as modular components, and
either just run them or build up whatever light sandboxing makes sense,
and then move things to be more _actually_ containerized as possible.
--
Matthew Miller
<mattdm at fedoraproject.org>
Fedora Project Leader
More information about the desktop
mailing list