Re: Sandboxed Gnome apps
- From: Federico Mena Quintero <federico gnome org>
- To: Alexander Larsson <alexl redhat com>
- Cc: gnome-os-list <gnome-os-list gnome org>
- Subject: Re: Sandboxed Gnome apps
- Date: Fri, 05 Sep 2014 13:20:37 -0500
On Thu, 2014-09-04 at 19:05 +0200, Alexander Larsson wrote:
4. IPC stability guarantees
During GUADEC, Dodji Seketeli told me about a tool he's working on to
determine whether a C/C++ API/ABI has changed. This is not IPC
stability, of course, but it may definitely come in handy to ensure the
general sanity of the ABI.
http://gcc.gnu.org/wiki/ABIInstrumentation
It should be easy to do a comparison of DBus interfaces, right? I guess
you could introspect them, serialize the results, and compare them. I
don't know how this would work without having to introspect both pieces
of code you are testing.
5. Sandboxing APIs
In a sandboxed environment app code doesn't have access to most of
the host system. However, apps still need some ways to securely
access various services (like users files, hw, host services, etc).
We need to define these APIs, and whatever security layer protects
against their misuse.
Does anyone have ideas for how to sandbox a traditional app so as to
restrict its access to files, DBus onto other processes, etc. - even if
the app doesn't work at first? I'd like to see where things start
failing and then seeing how to open up those bits via DBus interfaces,
rather than taking an everything-open application and closing it down.
Federico
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]