Atomic workstation

Josh Boyer jwboyer at
Fri Dec 5 01:18:15 UTC 2014

On Thu, Dec 4, 2014 at 6:25 PM, Matthew Miller <mattdm at> wrote:
> On Thu, Dec 04, 2014 at 05:10:32AM -0500, Daniel J Walsh wrote:
>> As I found when I wrote the SELinux Sandbox.  The Linux Desktop is a
>> "cess pool" of communication and attempting to sandbox apps will have
>> unexpected consequences.
> But we don't have to start with the muck at the bottom. :) We can
> containerize the things that are easy and decompose the things which
> aren't as easy and ship, still ship them as modular components, and
> either just run them or build up whatever light sandboxing makes sense,
> and then move things to be more _actually_ containerized as possible.

Right.  I didn't mean to suggest everything should be containers or
nothing.  I meant we should be able to do a layered approach to
providing things, however that makes sense now, and then move towards
more sandboxing/containers over time.  The benefit and focus would be
to prevent 3 products from doing the same work 3 times.  Create a
base, add the product layers, profit (or in our case maybe "reduce
technical debt" or some other fancy catch phrase).

