[ANNOUNCE] xdg-app - desktop app sandboxing system

Alexander Larsson alexl at redhat.com
Wed Jun 24 08:15:11 UTC 2015


xdg-app is a desktop and distribution-independent application bundling
and system for Linux. It uses user namespaces and the kernel container
technologies to run applications in a sandboxed environment without any
kind of root privileges or setuid required[1]. It also features a
user-space dbus filter with policies that are compatible with kdbus.

xdg-app is still somewhat early in development, but it is now in a
state where it is stable enough to get a wider audience.

More details on how xdg-app works can be found here:
 https://wiki.gnome.org/Projects/SandboxedApps

xdg-app recently moved to a new hosting service at freedesktop.org, so
these are the current resources for xdg-app:

  Mailing list: http://lists.freedesktop.org/mailman/listinfo/xdg-app
  IRC: #xdg-app on freenode
  Git: git://anongit.freedesktop.org/xdg-app/xdg-app
  Releases: http://www.freedesktop.org/software/xdg-app/releases/
  Bugzilla: https://bugs.freedesktop.org/ (product xdg-app)

To actually test xdg-app I have created upstream gnome and freedesktop 
runtimes with some test apps, as well as an example repository with
runtime and apps based on fedora rawhide packages. See these blog posts
for details:
 https://blogs.gnome.org/alexl/2015/03/31/official-gnome-sdk-runtime-builds-are-out/
 https://blogs.gnome.org/alexl/2015/06/17/testing-rawhide-apps-using-xdg-app/

[1] Needs user namespaces in the kernel; if not available, it can be
built to use setuid or setcaps instead.


-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl at redhat.com            alexander.larsson at gmail.com 
He's an impetuous playboy rock star with a robot buddy named Sparky. 
She's a disco-crazy impetuous schoolgirl with her own daytime radio talk 
show. They fight crime! 


