boredsquirrel
Linux, FOSS, Open Network Location, Environment, GrapheneOS.
If you like what I do, tip me some Monero!
- 0 Posts
- 7 Comments
1·1 month ago@kde@floss.social @kde@lemmy.kde.social
For people interested, maybe #crabjail and #crablock can be a solution!
https://codeberg.org/crabjail/crablock
A #sandboxing tool written in #Rust, featuring " bleeding edge #Linux #security features like #Landlock or MDWE_REFUSE_EXEC_GAIN."
@kde@floss.social @kde@lemmy.kde.social
Thx for the info, then it is like that.
Here is the goal proposal
https://phabricator.kde.org/T17370
Tbh, #bubblewrap would need to be fixed drastically to be as secure as the #Android #sandbox. And (I am not sure yet) I think even #Snaps are more secure (on #Ubuntu with #Apparmor patches) than #Flatpak with the current system.
As far as I understood, sandboxing needs to happen in #userspace, with tools like #fuse doing the work while being restricted by #MAC like #SELinux or Apparmor.
@kde@floss.social @kde@lemmy.kde.social
Can you tell us what happens on the “sandbox all the things” goal?
I think this is a pretty crucial step forward, even though #sandbox technologies (most often through user namespaces) are more problematic than I initially thought.
(Basically, user #namespaces open up #privesc dangers to the monolithic #kernel, which is incredible. #Android and #ChromeOS use #LXC, mounts and #SELinux for #sandboxing)
@kde@floss.social @kde@lemmy.kde.social
Is this how the dark/light transition will look like?
A small visual issue but nice to see fixed!
Yes absolutely, the workflows especially in Dolphin, Plasma search, Panel are just great.
@vamp898 @sisadness @kde@floss.social @kde@lemmy.kde.social
Yup, a random guy just revived it, updated to Qt5 and working on Qt6 I think. And another one has joined!
https://invent.kde.org/multimedia/amarok