|
| yjftsjthsd-h wrote:
| Also of interest is https://github.com/igo95862/bubblejail , a
| less low level program on top of bubblewrap.
| jauntywundrkind wrote:
| Fwiw, this was mentioned in the _NixOS and my descent into
| insanity_ submission yesterday, as its underlying util _bwrap_,
| as a possible tool to help the blogger get NixOS running on
| their campus computers.
| https://news.ycombinator.com/item?id=36668363
|
| The org maintaining this maintains a bunch of other very high
| profile containerization/isolation tools: podman container
| runtime, buildah container builder, skopeo container registry
| multitool, conmon-rs container monitor, podman desktop gui, youki
| container runtime, and maintaining the standard reference impl of
| a bunch of OCI specs (storage, image). There's no higher profile
| place this work could come from, imo.
| formerly_proven wrote:
| > The org maintaining this maintains
|
| (That org being mostly Red Hat)
| nextos wrote:
| It's actually annoying NixOS doesn't offer good default
| sandboxing. Sandboxing should appeal to the Nix crowd, but
| somehow it's not been integrated yet. AFAIK, GuixSD is working
| on sandboxing.
|
| In general, sandboxing is pretty important and an area where
| Linux distributions are falling behind macOS and mobile.
| yjftsjthsd-h wrote:
| NixOS supports firejail - https://nixos.wiki/wiki/Firejail
| nextos wrote:
| It does, but it is far from seamless / widely used. It is a
| little bit more than firejail packed for NixOS.
___________________________________________________________________
(page generated 2023-07-11 23:01 UTC) |