Hacker News new | ask | show | jobs
by himata4113 34 days ago
high privilege access required (CAP/NET admin), containers / sandboxing wins once again.

Can we make sandboxing the new default now? Flatpak does a good job, but we're still pretty far away for apt/yum/pacman installed packages. AppArmor was a decent step forward, but clearly not enough.
2 comments
pjmlp 33 days ago
Yes on Android, iDevices, macOS, Windows (UWP, Win32 boxing), Qube OS, but it remains a controversial topic in GNU/Linux land.
link
soupbowl 33 days ago
I am pretty sure that Flatpak does 'not' do a good job when it comes to sandboxing, maybe one day.
link
himata4113 32 days ago
does it not? I know dbus is a problem that they can't really do much about except disabling it and wayland solved display based escalation.
link