This week in Plasma: Getting #Plasma6.3 into shape, more KRunner searches, better scaling and a whole lot more:
https://blogs.kde.org/2025/01/18/this-week-in-plasma-getting-plasma-6.3-in-great-shape/
@kde@floss.social @kde@lemmy.kde.social
Can you tell us what happens on the “sandbox all the things” goal?
I think this is a pretty crucial step forward, even though #sandbox technologies (most often through user namespaces) are more problematic than I initially thought.
(Basically, user #namespaces open up #privesc dangers to the monolithic #kernel, which is incredible. #Android and #ChromeOS use #LXC, mounts and #SELinux for #sandboxing)
@Rhababerbarbar @kde@lemmy.kde.social
“Sandbox all the things” is not currently a KDE goal.
https://kde.org/goals/
@kde@floss.social @kde@lemmy.kde.social
Thx for the info, then it is like that.
Here is the goal proposal
https://phabricator.kde.org/T17370
Tbh, #bubblewrap would need to be fixed drastically to be as secure as the #Android #sandbox. And (I am not sure yet) I think even #Snaps are more secure (on #Ubuntu with #Apparmor patches) than #Flatpak with the current system.
As far as I understood, sandboxing needs to happen in #userspace, with tools like #fuse doing the work while being restricted by #MAC like #SELinux or Apparmor.
@Rhababerbarbar @kde@lemmy.kde.social
That is the proposal page. Of all proposals, and there are always quite few, the community votes and selects three to work on for two years. This one was not selected.
@kde@floss.social @kde@lemmy.kde.social
True, changed the naming ;)
@kde@floss.social @kde@lemmy.kde.social
For people interested, maybe #crabjail and #crablock can be a solution!
https://codeberg.org/crabjail/crablock
A #sandboxing tool written in #Rust, featuring "bleeding edge #Linux #security features like #Landlock or MDWE_REFUSE_EXEC_GAIN."