On 13-05-13 11:05 AM, Alejandro J. Cura wrote:
> Colin Watson wrote on 08/05/13 11:14:
>> Is there anything else people can think of that a system like this
>> needs to consider?
>
> This thread assumes that packages need to be uncompressed and
> installed before usage, so I'd like to ask if there was any discussion
> re: using something like squashfs images as the distributed packages
> instead of a zip or tar-like file.
>
> This would mean that such downloaded images can be mounted read-only
> by whatever launches applications, using nosuid, nodev, and with the
> required uid, and then run immediately, instead of having to go thru a
> copy of files from the package to the storage, which slows down
> installation and usually requires double the storage space.
>
> I'm surely missing some bits of the picture, so please flame me if
> that's the case.
That would mean we'd need to have a privileged helper to be able to
mount application packages at application execution time. There are a
lot of security implications of doing something like this, and I fear
this would be a substantial attack surface.

Marc.

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
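Whichever side of this design question one lands on, a launcher (or an auditor reviewing what a privileged mount helper actually did) wants a way to confirm that an application image really is mounted read-only with nosuid and nodev, as the proposal assumes. The following is an added example, not code from this thread or from any Ubuntu component: it parses the /proc/self/mountinfo format documented in proc(5) and checks a mount point against that policy. The policy set REQUIRED_OPTIONS, the function names, and the sample mountinfo lines are all constructed for illustration; the one subtlety it handles is that "ro" can appear either as a per-mount flag or only in the superblock options (squashfs is always read-only at the superblock), whereas nosuid and nodev are per-mount flags only.

```python
import re
from typing import Any, Dict, List, Set

# Options the launcher is expected to apply to an application image mount
# (hypothetical policy, matching the options discussed in the thread).
REQUIRED_OPTIONS: Set[str] = {"ro", "nosuid", "nodev"}

# mountinfo escapes space, tab, newline and backslash in paths as \ooo octal.
_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def unescape(field: str) -> str:
    """Decode the octal escapes used in /proc/self/mountinfo path fields."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> List[Dict[str, Any]]:
    """Parse /proc/self/mountinfo text into a list of mount records.

    Each line has the form (see proc(5)):
      id parent major:minor root mount_point per_mount_opts [optional...] - fstype source super_opts
    Optional fields end at a lone "-". Per-mount options (nosuid, nodev, and
    "ro" as a mount flag) are the sixth field; superblock options follow the "-".
    """
    mounts: List[Dict[str, Any]] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        sep = fields.index("-")
        mounts.append({
            "mount_point": unescape(fields[4]),
            "mount_options": set(fields[5].split(",")),
            "fstype": fields[sep + 1],
            "source": fields[sep + 2],
            "super_options": set(fields[sep + 3].split(",")),
        })
    return mounts


def check_app_mount(mounts: List[Dict[str, Any]], mount_point: str,
                    expected_fstype: str = "squashfs") -> List[str]:
    """Return the policy violations for the mount at mount_point ([] means OK)."""
    candidates = [m for m in mounts if m["mount_point"] == mount_point]
    if not candidates:
        return [f"{mount_point} is not mounted"]
    m = candidates[-1]  # a later mount on the same path shadows earlier ones
    problems: List[str] = []
    if m["fstype"] != expected_fstype:
        problems.append(f"unexpected filesystem type {m['fstype']}")
    # "ro" counts whether it is a per-mount flag or a superblock option;
    # nosuid and nodev only ever appear as per-mount flags.
    present = set(m["mount_options"]) | ({"ro"} & set(m["super_options"]))
    for opt in sorted(REQUIRED_OPTIONS - present):
        problems.append(f"missing mount option {opt}")
    return problems


# Constructed sample of /proc/self/mountinfo (not output from a real system).
SAMPLE_MOUNTINFO = r"""
36 25 0:32 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
40 36 7:0 / /apps/good\040app ro,nosuid,nodev,relatime shared:2 - squashfs /dev/loop0 ro
41 36 7:1 / /apps/bad-app rw,relatime shared:3 - squashfs /dev/loop1 ro
42 36 8:3 / /apps/wrong-fs rw,nosuid,nodev,relatime - ext4 /dev/sdb1 rw
"""


if __name__ == "__main__":
    mounts = parse_mountinfo(SAMPLE_MOUNTINFO)
    for path in ("/apps/good app", "/apps/bad-app", "/apps/wrong-fs"):
        print(path, check_app_mount(mounts, path) or "OK")
```

On a live system the same check runs over the contents of /proc/self/mountinfo instead of the constructed sample; the "bad-app" line shows the case a naive grep for "ro" would pass, since the superblock is read-only but the mount itself was done without nosuid and nodev.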