On Wed, 2016-06-15 at 12:46 -0400, Matthew Miller wrote:
> On Wed, Jun 15, 2016 at 06:25:17PM +0200, Alexander Larsson wrote:
> > > That's precisely what they are doing on non-Ubuntu distributions,
> > > disabling confinement.
> > That is pretty crappy. That means things will keep accidentally being
> > packaged that depend on things not in the Ubuntu core. It also means
> > that there is zero sandboxing.
>
> Can you elaborate on how this is different from Flatpak's
> currently-rather-open sandboxing (as seen elsewhere in this thread)?

Even with "host filesystem access" the sandboxed app doesn't see /usr from the host, only things like /home and /opt. So it's not generally possible to pick up host dependencies. The same is supposed to be true for snappy, because it uses AppArmor to make the snap unable to access /usr. But that requires the Ubuntu-patched AppArmor support, so this is disabled on all non-Ubuntu builds of snappy.

Also, I'd like to point out that flatpak isn't always open wrt sandboxing even now. It's possible to grant an app filesystem access, and many currently do, but it's also possible to run e.g. games without filesystem access, and we do sandbox a lot of other things (pid namespace, uid namespace, network access, filtered dbus access, seccomp filtering, etc). It's just not currently realistic to not grant some kind of filesystem access for apps that read user files until we finish the work on the file selector portal.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
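As an added illustration of the permission boundaries discussed in the message above (not code from the thread or from the Flatpak project), the script below parses the `[Context]` section of a Flatpak app's metadata file, the key=value format documented in flatpak-metadata(5), and reports which sandbox boundaries the app has opened; the app id, runtime and permission values in the sample are constructed.

```python
"""Audit the sandbox permissions declared in a Flatpak metadata file."""
import configparser

# Constructed sample metadata for a hypothetical app that asked for
# "host filesystem access" plus network, IPC and display sockets.
SAMPLE_METADATA = """\
[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/1.6

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=host;xdg-download:ro;
"""


def parse_context(text):
    """Return the [Context] section as {key: [values]}; trailing ';' is dropped."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    ctx = {}
    if cp.has_section("Context"):
        for key, raw in cp.items("Context"):
            ctx[key] = [v for v in raw.split(";") if v]
    return ctx


def audit(text):
    """List the sandbox holes an app opens, in a fixed order, as findings."""
    ctx = parse_context(text)
    findings = []
    fs = ctx.get("filesystems", [])
    if "host" in fs:
        # "host" exposes e.g. /home and /opt, but the app still sees the
        # runtime's /usr, not the host's, so host libraries are not reachable.
        findings.append("filesystem: full host access (but not host /usr)")
    elif "home" in fs:
        findings.append("filesystem: whole home directory")
    for entry in fs:
        if entry not in ("host", "home"):
            findings.append("filesystem: " + entry)
    shared = ctx.get("shared", [])
    # Without "network" the app runs in its own network namespace.
    findings.append("network: shared with host" if "network" in shared
                    else "network: isolated")
    if "ipc" in shared:
        findings.append("ipc: shares host IPC namespace")
    for sock in ctx.get("sockets", []):
        findings.append("socket: " + sock)
    return findings
```

An app with no `filesystems=` entry and no `network` in `shared=` is reported as isolated on both fronts, which is the configuration the message describes for games.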