If only more Linux programs followed sandboxing best practices...
IverCoder (@IverCoder@lemm.ee) • Linux@lemmy.ml • English • 1 year ago • image: i.imgur.com

tony (@tony@lemmy.hoyle.me.uk) • 1 year ago
Or actually do anything useful? No network, no filesystem… it’s a hello world app isn’t it…

snowfalldreamland (@snowfalldreamland@lemmy.ml) • 1 year ago (edited)
There are portals: https://docs.flatpak.org/en/latest/desktop-integration.html#portals . They allow secure access to many features. Also any flatpak app still has access to a private app-specific filesystem, just not to the host. Doesn’t work for all applications but for many sandboxing is possible without a loss of features.

IverCoder (@IverCoder@lemm.ee) (OP) • English • 1 year ago
There’s Obfuscate, an image redactor, and Metadata Cleaner which is self-descriptive. Both work properly without any filesystem access at all, because they use the file picker portal to ask the user for the files to be processed.
Portal.
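
Added example, not part of the thread: a check of a Flatpak app's metadata for the two grants the comments discuss, network and host filesystem access. The metadata samples are constructed and `audit` is a hypothetical helper name; a real file can be printed with `flatpak info --show-metadata <app-id>`.

```python
import configparser

# Constructed metadata samples in Flatpak's keyfile format (not real apps).
SANDBOXED = """[Application]
name=org.example.Redactor
runtime=org.gnome.Platform/x86_64/45

[Context]
sockets=wayland;fallback-x11;
devices=dri;
"""

BROAD = """[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=host;xdg-download:ro;!xdg-documents;
"""


def _values(section, key):
    """Split a semicolon-separated keyfile list, dropping empty items."""
    return [v for v in section.get(key, "").split(";") if v]


def audit(metadata_text):
    """Report the network and filesystem grants in one metadata file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(metadata_text)
    ctx = cp["Context"] if cp.has_section("Context") else {}
    app = cp.get("Application", "name", fallback="(unknown)")
    # Entries starting with "!" revoke a grant, so they are not exposure.
    filesystems = [f for f in _values(ctx, "filesystems")
                   if not f.startswith("!")]
    return {
        "app": app,
        "network": "network" in _values(ctx, "shared"),
        "filesystems": filesystems,
    }


if __name__ == "__main__":
    for sample in (SANDBOXED, BROAD):
        print(audit(sample))
```

An app that relies on the file picker portal, as described in the thread, should report an empty `filesystems` list here.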