Re: Sandboxed Gnome apps

On Thu, 2014-09-04 at 19:05 +0200, Alexander Larsson wrote:

4. IPC stability guarantees

During GUADEC, Dodji Seketeli told me about a tool he's working on to
determine whether a C/C++ API/ABI has changed.  This is not IPC
stability, of course, but it may definitely come in handy to ensure the
general sanity of the ABI.

It should be easy to do a comparison of DBus interfaces, right?  I guess
you could introspect them, serialize the results, and compare them.  I
don't know how this would work without having to introspect both pieces
of code you are testing.
5. Sandboxing APIs

   In a sandboxed environment app code doesn't have access to most of
   the host system. However, apps still need some ways to securely
   access various services (like users files, hw, host services, etc).
   We need to define these APIs, and whatever security layer protects
   against their misuse.

Does anyone have ideas for how to sandbox a traditional app so as to
restrict its access to files, DBus onto other processes, etc. - even if
the app doesn't work at first?  I'd like to see where things start
failing and then seeing how to open up those bits via DBus interfaces,
rather than taking an everything-open application and closing it down.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]