Post AD5gSNFB2V3H9A7UES by bugaevc@mastodon.technology
(DIR) Post #AD5YhQvKq9qXGpVbWq by bugaevc@mastodon.technology
2021-11-05T08:48:10Z
0 likes, 0 repeats
"Sergey just had his morning ☕" idle thought: the sandboxing features of #Flatpak should be fairly orthogonal to its distribution features (runtimes, remotes, OSTree, manifests, ...) so there should be a way to run most "system" apps "in a Flatpak sandbox" and reap all the security benefits without compromising on systems integration & stuff
(DIR) Post #AD5YhRWCd5Kx7Al2zg by js@mstdn.io
2021-11-05T11:02:25Z
0 likes, 0 repeats
@bugaevc What you are looking for already exists and is called bubblewrap.
(DIR) Post #AD5YhSCO6F55E0UjkO by bugaevc@mastodon.technology
2021-11-05T08:58:29Z
0 likes, 0 repeats
Maybe I can hack something up real quick 🤔
(DIR) Post #AD5anfQ03vnxs1x6HI by bugaevc@mastodon.technology
2021-11-05T11:25:55Z
0 likes, 0 repeats
@js please see my other reply: https://mastodon.technology/@bugaevc/107223912201232412 bwrap is a small tool to expose Linux namespaces to unprivileged users, and to provide a CLI for it. What I'm looking for is not a way to create namespaces — that you can already do, with bubblewrap or otherwise — but to run host things in the real actual Flatpak sandbox/context.
(DIR) Post #AD5cUHDrzryBEe9zqy by js@mstdn.io
2021-11-05T11:44:51Z
0 likes, 0 repeats
@bugaevc bwrap *is* the real actual Flatpak sandbox/context.
(DIR) Post #AD5gSNFB2V3H9A7UES by bugaevc@mastodon.technology
2021-11-05T12:28:38Z
0 likes, 0 repeats
@js Flatpak context is just bwrap in the same way as systemd services are just processes or ActivityPub is just HTTP, or I'm just a bunch of atoms: it's a higher-level concept that's built on a lower-level mechanism. I'm mostly looking for things in flatpak-instance.c, flatpak-context.c, and flatpak-run.c in libflatpak. There's surely some bwrap args building there; but it's how they are built and what other things are started/created (like those state files in .flatpak) that are interesting.