by afiori
2210 days ago
> I want the proprietary app in a container. People want containers to be magic but they're actually a hard problem. You want the app not to be able to do anything you don't want it to but still be able to do everything you do want it to.

As I see it the problem that containerization in snaps and similar solutions is the isolation of system configuration. I agree that permissions are a hard problem and honestly I am not sure how much they are relevant for snaps, but what in theory is feasible is that installing a snap could be completely and reversible. I believe that is true of Flatpak at least.

If you drop your app's config file in /etc/ and nothing ever touches it, isolation isn't really buying you anything. If something does, that could still be what you want to happen.
For example, suppose there is a P2P app that can operate either by having you forward a port from your router (which is not always available) or by operating as a Tor onion service. To do the latter it has to modify Tor's configuration so that it allows incoming connections to the application's port. It's something you want to happen, it's something the package can clean back up again when it's uninstalled, but that doesn't work if the two otherwise independent applications have their configurations isolated from each other.
So it's still the permissions problem.
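
The reversible cross-application edit described in the comment above, sketched as an added example (not code from the thread or from any real package). The package name `p2papp`, the marker comments, the onion service directory and port 4000 are assumptions; `HiddenServiceDir` and `HiddenServicePort` are Tor's own torrc directives.

```shell
#!/bin/sh
# Added example: a hypothetical package "p2papp" edits a shared torrc on
# install and removes exactly its own lines on uninstall.
BEGIN_MARK="# BEGIN p2papp managed block"   # assumed marker text
END_MARK="# END p2papp managed block"       # assumed marker text

# has_block TORRC: succeed if the managed block is already present.
has_block() {
    grep -qxF "$BEGIN_MARK" "$1"
}

# add_onion_block TORRC HS_DIR PORT: append the block once (idempotent).
add_onion_block() {
    torrc=$1; hs_dir=$2; port=$3
    if has_block "$torrc"; then
        return 0
    fi
    {
        printf '%s\n' "$BEGIN_MARK"
        printf 'HiddenServiceDir %s\n' "$hs_dir"
        printf 'HiddenServicePort %s 127.0.0.1:%s\n' "$port" "$port"
        printf '%s\n' "$END_MARK"
    } >> "$torrc"
}

# remove_onion_block TORRC: drop only the lines between the markers.
# Writing back with cat keeps the file's owner and mode unchanged.
remove_onion_block() {
    torrc=$1
    tmp=$(mktemp) || return 1
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$torrc" > "$tmp" && cat "$tmp" > "$torrc"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Demo on a constructed torrc in a temp file (not a real system path).
demo=$(mktemp)
printf 'SocksPort 9050\n' > "$demo"
add_onion_block "$demo" /var/lib/tor/p2papp 4000
cat "$demo"
remove_onion_block "$demo"
rm -f "$demo"
```

This only works when the installer is allowed to write to Tor's configuration, which is the permission a fully isolated package would not have.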