Desktop App Sandboxing
The cluster debates the need for application sandboxing on desktop operating systems like Linux, contrasting it with stronger implementations on mobile platforms such as iOS and Android, and discusses solutions like Flatpak, Snap, and Qubes OS.
Sample Comments
Don't the other OSes have varying levels of app sandboxing while Linux has basically none?
That's a rather poor option. Mac App Store and Android, for example, offer much better sandboxing options.
The problem is you can't trust the app, therefore it must be sandboxed.
This is exactly why sandboxed apps (e.g., iOS/UWP/etc.) are a good thing.
No, please no. Make sand-boxing an optional feature the user has control over. Sort of like containerized tabs in Firefox. Not all apps have legitimate reasons for accessing your hard drive, but I'd argue that 90% of them that do, really need to. Let the user decide.
That's putting a lot of faith in the OS and its ability to sandbox correctly.
With all apps being sandboxed, though, please!
You can sandbox apps without stupid UI. Have a look at Qubes OS.
I'm starting to think something like flatpak or snap is necessary, but in a more sandboxed way, to enforce on the user level that certain apps won't have access to certain files. I would like to see options to fully sandbox an app (has its own separate permissions for certain documents) or not sandbox it at all (for things we trust implicitly that need that access).
You can have sandboxing without an App Store (macOS supports it)