On 04/22/2016 02:57 PM, John Colvin wrote: > On Thursday, 21 April 2016 at 18:55:23 UTC, Gerald wrote: >> For those not familiar, xdg-app is a Linux virtualization system >> targeted at desktop apps, it's been under pretty heavy development and >> is available for use in Gnome 3.20. >> >> Mathias Clausen recently wrote a blog entry about creating his first >> xdg-app and the application he chose to play with was Terminix, a >> terminal emulator, which is written in D. He had some D specific >> challenges to deal with which may be interesting to others looking to >> support xdg-app. >> >> You can read his blog entry here: >> >> https://blogs.gnome.org/mclasen/2016/04/15/my-first-xdg-app. > > Can someone explain to me how xdg-app provides a significantly different > experience to static linking (in a language like C or D)? I guess > there's the old "what about libc?".
https://wiki.gnome.org/Projects/SandboxedApps explains it pretty well. Think of it as immutable filesystem snapshot that gets used for sandboxed app instead of real host filesystem. Not only all dependency code is included but all file resources too,: "A runtime provides a well-defined environment that an app can run in. Examples would be "GNOME 3.14" or "KDE 5.6". A runtime can be thought of as a /usr filesystem with fixed contents. When a bundled app gets run, the runtime it needs gets mounted at /usr." (c) that link It also includes facilities for limiting sandboxes app access to host: "The xdg-app run command sets up an isolated environment before exec()ing the application. Among other things, it - mounts the files/ directory of the application under /app (readonly) - mounts the files/ directory of the runtime under /usr (readonly) - mounts the data/ directory of the application under /var (writable) - if access to the host filesystem is required, it gets mounted at / (writable) - if access to the home directory is required, it gets mounted at its usual place (writable) - if access to neither the home directory or the host filesystem is required, /var/home gets mounted in its place (writable) - if the runtime has extension points, and matching runtimes are installed, mount them (readonly)" So in the end each app will bundle all its dependency and just work no matter what the host is. Which is cool. But it will also bundle all its dependencies and you'd better accept size of your total system installation (and its RAM consumption).
