
Maybe we should have easy-to-use sandbox commands controlled by the user. Currently all the software must be designed and compiled with sandbox restrictions deliberately (e.g. Chrome). It is better if we can sandbox arbitrary programs with convenience.


CLI is one thing, but for GUI apps, OS X has supported sandboxing for years, enforcing it on all Mac App Store apps against developer outcry.

On Linux, GNOME is working on something that looks quite a bit like how OS X did it:

https://wiki.gnome.org/Projects/SandboxedApps

So I think we're actually moving in the right direction, albeit extremely slowly and imperfectly.


The problem with Mac App Store sandboxing is that it is not configurable and therefore many apps are simply unusable or extremely annoying sandboxed.


Don't we have that? With SELinux, sandboxing is literally a command away (and the command is, aptly, named `sandbox`).

There are certain inconveniences when it comes to sandboxing applications, especially applications that require an X server, which is why sandboxing is not done by default on any popular Linux OS.


Why does it need to be user controlled?

Someone creates a sandbox profile for a program and then distributes it to others.



