boredsquirrel

boredsquirrel@tux.social · 2 hours ago

For people interested, maybe #crabjail and #crablock can be a solution!

A #sandboxing tool written in #Rust, featuring " bleeding edge #Linux #security features like #Landlock or MDWE_REFUSE_EXEC_GAIN."

boredsquirrel@tux.social · 2 hours ago

@kde@floss.social @kde@lemmy.kde.social

Thx for the info, then it is like that.

Here is the goal page

https://phabricator.kde.org/T17370

Tbh, #bubblewrap would need to be fixed drastically to be as secure as the #Android #sandbox. And (I am not sure yet) I think even #Snaps are more secure (on #Ubuntu with #Apparmor patches) than #Flatpak with the current system.

As far as I understood, sandboxing needs to happen in #userspace, with tools like #fuse doing the work while being restricted by #MAC like #SELinux or Apparmor.

boredsquirrel@tux.social · edit-2 4 hours ago

@kde@floss.social @kde@lemmy.kde.social

Can you tell us what happens on the “sandbox all the things” goal?

I think this is a pretty crucial step forward, even though #sandbox technologies (most often through user namespaces) are more problematic than I initially thought.

(Basically, user #namespaces open up #privesc dangers to the monolithic #kernel, which is incredible. #Android and #ChromeOS use #LXC, mounts and #SELinux for #sandboxing)

boredsquirrel@tux.social · 9 days ago

@kde@floss.social @kde@lemmy.kde.social

Is this how the dark/light transition will look like?

A small visual issue but nice to see fixed!

boredsquirrel@tux.social · 3 months ago

@telepresence
@kde

Yes absolutely, the workflows especially in Dolphin, Plasma search, Panel are just great.