[tholdem]

Sandboxing should be built in and by default, not DIY and glued on, like with apparmor and firejail.

"Your car does not come with a seatbelt? Seatbelt parts are easy to order online and assembled on any car, it's your fault for not using one."

> Also the very same npm backdoors have already hit android apps. What can sandboxing do if you backdoor a dependency of your banking app?

The whole point of sandboxing is that one compromised app can not compromise the whole system and other apps. Compromised dependency on my banking app on Android or iOS only compromises that banking app and nothing else.

[cosmic_cheese]

It’s always felt strange that Linux desktops try to make sandboxing and permissions the responsibility of packaging standards. That strikes me as much more of a system level thing like audio or display output.

[dustbunny]

Fedora Silverblue is this

[pona-a]

How so? I'm writing this from an Fedora Sericea, which is Silverblue but with Sway instead of GNOME. Atomic Fedoras solve only package hysteresis (your package manager being unable to reproduce the intended system state because of unaccounted for changes) by generating the root file system with OSTree. It has nothing to do with sandboxing the applications themselves.

[Arnavion]

It does in the sense that all the applications you install will be via flatpak, so they get sandboxed that way. Of course it depends on how locked down the sandbox is configured for each of those applications.

[yencabulator]

The S in Flatpak stands for Security.

Flatpak is primarily a convenience mechanism for app makers. Any security boundary you may find in it is optional, all defaults are always toward not breaking apps. Apps pretty much uniformly either silently get read access to all your files, and even when that is not true they often get permanent read-write access to any file you open in them.

Go look at the permissions for GNOME Papers. Try to argue that it's "sandboxed".

[akimbostrawman]

>Apps pretty much uniformly either silently get read access to all your files

This is outdated information. The situation has improved since the publishing of flatkill with flathub loudly warning about permissions and less apps having full R/W access.

Android apps can be configured insecurely too although less severe, still it's the users responsibility to check and modify permission.

In either case it's a substantial improvement from no isolation at all with much easier handling than other sanbox tools or MACs.

[yencabulator]

> less apps having full R/W access.

Not good enough when apps can still silently have full access to home and /media without the user even realizing.

[tholdem]

It may be in the future, but for now it is no different from Fedora Workstation in terms of security. Please correct me if I am wrong. AFAIK Silverblue has no additional sandboxing or any other improvements to security.

[JCattheATM]

Pretty sure Fedora, being based on Red Hat, has the strongest SELinux policy in place by default, and SELinux is pretty much the best sandboxing option available other than actual virtualization.

[tholdem]

Yes, but this was about Silverblue and how it implements some additional sandboxing, which it doesn't. SELinux is great, but maintaining it and creating configs is huge amount of work and where on AOSP, every process is strictly confined with SELinux, on Fedora, not so much. Not to mention the additional software the user installs. Not at all comparable to real Android or iOS sandboxing.

[JCattheATM]

It's generally only initial work to make the policies to maintain a program, maintaining doesn't even really exist unless the program radically changes in some way.

Fedora is notable because any software installed via repositories has a policy written for it, so it is already far more in effect than you might realize.

It's entirely comparable to Android sandboxing because it's part of the foundation of Android sandboxing.

[fossman]

Secureblue has entered the chat.