• Sailing7@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    The secured Sandbox maybe? The windows sandbox is pretty awesome for day to day use imo. And no a template VM or container isnt really the same thing. The sandbox has the task of making sure that there is nothing that can break out. Afaik the sanbox has done a pretty good job so far in that aspect. Does linux bring a comparable option to the table? Would love to find out, changig as many aspects of my life to linux is the best thing to do.

    • featured [he/him, comrade/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      0
      ·
      10 months ago

      Flatpak and Snap are Linux packaging formats that have sandboxing implemented and it’s pretty solid. There’s also Firejail for running sketchy applications in a stronger sandbox

      • Sailing7@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        10 months ago

        Reall great article. Thanks for sharing. But I dont know where you get the “literally a template” idea from. The article is explaining pretty well how its made and there isn’t one thing that leads to the assumption that this was just a template that gets booted up.

        • oscardejarjayes [comrade/them]@hexbear.net
          link
          fedilink
          English
          arrow-up
          0
          ·
          10 months ago

          It says in the article that windows sandbox is using a “base image”. It boots up the image, you do stuff then close it, and the next time you boot it up it’s the base image again. Is that not what a template VM would do?

          The primary difference between a usual VM template and this is that it’s small. “When installed the dynamic base package it occupies about 100MB disk space”. That’s because it’s essentially mounting a bunch of the system files immutably. You could theoretically do the same on Linux, but it probably wouldn’t be worth the effort.

          Most of the advancements they have is under the hood stuff, like linking files instead of directly including them or managing memory. Battery state pass through and graphics OOTB is cool though, depending on your setup you might have to put in a bit of work to make that happen on Linux.

    • V ‎ ‎ @beehaw.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      10 months ago

      People really dislike it when you point this out, But the security model on Linux is lacking. Yes, we have things like apparmor and SELinux, but compare it to sandboxd on macOS. The windows sandbox isn’t perfect, but it’s really user-friendly, and it works in most cases. Linux doesn’t have a direct equivalent. We’ve made great strides with making immutable distros through things like flatpack, and snap, but something that they failed to do is implement a least privilege model that is as robust as sandboxd on macOS.