Hacker News new | past | comments | ask | show | jobs | submit login

Containers, chroot jails and whathaveyous have existed long before snap came along. Like other have said, flatpak is a more sane alternative that doesn't impose idiotic requirements like systemd or x server.



> doesn’t impose idiotic requirements like ... x server

How are you going to sandbox graphical apps without knowing about (and having capabilities around) the system by which a containerized app would communicate with your OS’s graphics subsystem?

I mean, if you’re not going to run any X11-client graphical apps, it should probably be optional to have an X11 server installed; but either way, you’ll need the X11 wire-protocol libraries (“xorg-common” in most package repos) for the sandbox to link in.


> How are you going to sandbox graphical apps without knowing about (and having capabilities around) the system by which a containerized app would communicate with your OS’s graphics subsystem?

Wayland is the way forward.

> you’ll need the X11 wire-protocol libraries (“xorg-common” in most package repos) for the sandbox to link in.

Today, runtimes do contain client x11 libs. However, nothing in flatpak requires it and it is possible to phase them out in the future releases of runtimes.


> Wayland is the way forward.

Wayland has been "The Way Forward(tm)" for 10 years now.

That may be. But nobody in RedHat/Canonical/etc. believes that enough to put sufficient manpower on it to make it true.


> But nobody in RedHat/Canonical/etc. believes that enough to put sufficient manpower on it to make it true.

It is default display server in RHEL8. If that is not believing enough in it, I don't want to even know what would be sufficient to prove otherwise.


Right, sand-boxing should be made at OS-Level not in User-space.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: