If only more Linux programs followed sandboxing best practices...
[image: i.imgur.com]
IverCoder ( @IverCoder@lemm.ee ) • Linux@lemmy.ml • English • 11 months ago

tony ( @tony@lemmy.hoyle.me.uk ) • 11 months ago
Or actually do anything useful? No network, no filesystem… it’s a hello world app isn’t it…

snowfalldreamland ( @snowfalldreamland@lemmy.ml ) • 11 months ago
There are portals: https://docs.flatpak.org/en/latest/desktop-integration.html#portals . They allow secure access to many features. Also, any Flatpak app still has access to a private app-specific filesystem, just not to the host. Doesn’t work for all applications, but for many, sandboxing is possible without a loss of features.

IverCoder ( @IverCoder@lemm.ee ) (OP) • English • 11 months ago
There’s Obfuscate, an image redactor, and Metadata Cleaner, which is self-descriptive. Both work properly without any filesystem access at all, because they use the file picker portal to ask the user for the files to be processed.
Portal.
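
The distinction discussed in this thread (static sandbox holes versus portal-mediated access) can be checked from an app's Flatpak metadata, the keyfile text that `flatpak info --show-metadata <app-id>` prints. The following is an added example, not code from the thread or from the Flatpak project; the two sample metadata blocks and the app IDs in them are constructed for illustration.

```python
import configparser

# Constructed sample: a hypothetical app that relies on portals only
# (no static filesystem or network permissions).
PORTAL_ONLY = """
[Application]
name=org.example.Redactor

[Context]
shared=ipc;
sockets=wayland;fallback-x11;
devices=dri;
"""

# Constructed sample: a hypothetical app with broad static permissions.
WIDE_OPEN = """
[Application]
name=org.example.Editor

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=host;xdg-download:ro;
devices=all;
"""

def _values(ctx, key):
    # Context values are ';'-separated lists with a trailing ';'.
    return [v for v in ctx.get(key, "").split(";") if v]

def audit(metadata_text):
    """Return findings for static permissions that weaken the sandbox."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written
    cp.read_string(metadata_text)
    ctx = cp["Context"] if cp.has_section("Context") else {}
    findings = []
    if "network" in _values(ctx, "shared"):
        findings.append("network: shares the host network namespace")
    for fs in _values(ctx, "filesystems"):
        if fs.startswith("!"):
            continue  # a negated entry removes access rather than granting it
        findings.append(f"filesystem: static access to {fs}")
    if "all" in _values(ctx, "devices"):
        findings.append("devices: access to all device nodes")
    if "x11" in _values(ctx, "sockets"):
        findings.append("sockets: X11 socket, no isolation between X clients")
    return findings

if __name__ == "__main__":
    for label, text in (("portal-only", PORTAL_ONLY), ("wide-open", WIDE_OPEN)):
        print(label, audit(text) or "no static sandbox holes found")
```

An empty result means the app has to go through portals, such as the file picker, for any host file it touches.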