On 09/07/2012 09:48 AM, Loïc Minier wrote:
> On Fri, Sep 07, 2012, Matthew Paul Thomas wrote:
>> What kind of sandboxing, specifically, do you think would be necessary
>> for hundreds of thousands of Ubuntu applications not to interfere with
>> each other? It seems to me there are four possible points of contention:
>> 1.  package names (versus the OS archive, and versus each other)
>> 2.  installed files
>> 3.  saved documents and settings
>> 4.  resource use (memory, CPU, network, peripherals) while running.
> 
> Sandboxing might also involve enforcing the app / system interface; e.g.
> not expose any other shared library than the ones application can rely
> on being "always there" for a particular version of the interface.
> 
> e.g. can an application rely on libgtk-x11-2.0.so.0 to be there or
> should it bundle it?  If we encourage apps to be self-contained, we are
> lowering the overall security experience of the system by expecting all
> application developers to update a lot of embedded libraries; if we make
> them rely on system libraries, we're stuck with deps on them "forever".
> 

There is currently other work going on to define the "platform" that
Ubuntu offers to application developers, and things like what Gtk
version and its APIs will be part of that.  App developers will be
encouraged to use the packages already provided in our repositories,
even if they're not installed, by using Depends in their package
definition.  Part of the spec says that they can't depend on a maximum
version, so they can't say it *has* to be version 2.0.0 ( = 2.0.0), they
can only say it has to be *at* *least* version 2.0.0 ( >= 2.0.0), so
that we can update it with security fixes.

> 
> Another constraint for sandboxing is integration between apps and
> integration of apps with the system.  There are various levels at which
> we expect apps will integrate with the system such as notification area
> icon, a background service, gadgets, but integration between apps is
> also important and isn't very developed in Android / iOS.  Sure, there
> are some "Share" buttons or "Open with" intents in iOS and Android and
> even Nautilus has a "Send to...", but I feel this is a very limited
> level of integration.  Will we allow detecting the presence of another
> app?  How do I embed this or that image viewer or music player into this
> or that cloud file sharing app?
>   Also, we want application sandboxing but are we going to allow
> replacing system services in apps?  Would we allow an app to act as an
> interactive desktop background?  Are sandboxed apps always fullscreen
> like on Android and iOS, or may they have resizeable windows?
> 

While this would be awesome to have, it's not part of the upload
process.  I'd really like to see a "desktop intents" framework for
Linux, and I'm aware of at least a couple projects that have started on
one.  But that is something for a different spec.

> 
> [ 2/ (installed files) above seems like a non-problem if we have unique
> app names though ]
> 

Michael Hall
mhall...@ubuntu.com
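As an added illustration of the "minimum version only" rule described above (this is my own example, not code from the thread or from any Ubuntu tooling): a small check that parses a debian/control Depends field and flags any relationship that pins an exact or maximum library version, since such a pin is what would stop a security update to the shared library from reaching the app. The package names and the sample Depends line are constructed for the example.

```python
import re

# Debian relationship operators. An exact pin or an upper bound means the
# app cannot pick up a newer (patched) library without being re-uploaded.
MAX_VERSION_OPS = {"=", "<=", "<<"}
MIN_VERSION_OPS = {">=", ">>"}

_REL_RE = re.compile(
    r"^\s*(?P<pkg>[a-z0-9][a-z0-9+.\-]*)"
    r"\s*(?:\((?P<op>>=|<=|>>|<<|=)\s*(?P<ver>[^)]+)\))?\s*$"
)


def parse_depends(field: str):
    """Split a Depends field into (package, operator, version) triples.

    Alternatives ('a | b') are flattened so every alternative is checked;
    architecture qualifiers such as '[amd64]' are ignored.
    """
    deps = []
    for clause in field.split(","):
        for alt in clause.split("|"):
            alt = re.sub(r"\[[^\]]*\]", "", alt).strip()
            if not alt:
                continue
            m = _REL_RE.match(alt)
            if not m:
                raise ValueError(f"cannot parse dependency: {alt!r}")
            ver = (m.group("ver") or "").strip() or None
            deps.append((m.group("pkg"), m.group("op"), ver))
    return deps


def find_pinned_deps(field: str):
    """Return the dependencies that violate the rule (exact or maximum version)."""
    return [d for d in parse_depends(field) if d[1] in MAX_VERSION_OPS]


if __name__ == "__main__":
    # Constructed sample: one compliant dependency, one exact pin, one upper bound.
    sample = "libgtk2.0-0 (>= 2.0.0), libfoo1 (= 1.2-3), libbar2 (<< 2.1) | libbar3"
    for pkg, op, ver in find_pinned_deps(sample):
        print(f"rejected: {pkg} ({op} {ver}) pins a maximum version; use >= instead")
```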

-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
