On Wed, Dec 3, 2014, at 05:00 PM, Josh Boyer wrote: > I don't really know, I thought about all of this for like 30 seconds. I've spent a bit longer myself...after I joined Red Hat in 2004, I looked at using SELinux for this: http://selinuxsymposium.org/2005/presentations/session3/3-1-walters.pdf Later Dan Walsh made sandbox-x: https://www.redhat.com/promo/summit/2010/presentations/summit/whats-next/thurs/dwalsh-2-gpa/GrandfathersSELinux.pdf But neither really started to make any of the changes necessary in the toolkit, for issues like the MIME database or inter-app IPC. The topic has come up at GUADEC again more recently via the KDBus effort, which will help with a more secure IPC channel for everything besides Wayland. But that's only a foundational infrastructure piece for the changes that would be needed in the toolkit and apps. > Aren't containers supposed to be the magic solution these days? Server apps tend to be designed to be distributed, and run by operations people who can understand the setup. Desktop apps, not so much. QubesOS doesn't try - you have to make isolated desktops manually. >I > wasn't expecting it to work without effort, but I also wasn't > expecting "no that can't be done" to be the answer either. It's somewhere between those extremes, but it is a *lot* of work. Probably someone should make a wiki page with links to the different efforts. -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
