zlacker

[parent] [thread] 3 comments
1. IcyWin+(OP)[view] [source] 2026-02-04 00:37:08
Windows has had this for over a decade, but no one wants to put their application in a sandbox.
replies(1): >>akdev1+X
2. akdev1+X[view] [source] 2026-02-04 00:44:08
>>IcyWin+(OP)
If a sandbox is optional then it is not really a good sandbox

naturally even flatpak on Linux suffers from this as legacy software simply doesn’t have a concept of permission models and this cannot be bolted on after the fact

replies(1): >>okanat+Z1
◧◩
3. okanat+Z1[view] [source] [discussion] 2026-02-04 00:50:13
>>akdev1+X
The containers are literally the "bolting on". You need to give the illusion of the software is running under a full OS but you can actually mount the system directories as read-only.
replies(1): >>akdev1+jp
◧◩◪
4. akdev1+jp[view] [source] [discussion] 2026-02-04 03:51:28
>>okanat+Z1
and you still need to mount volumes and add all sorts of holes in the sandbox for applications to work correctly and/or be useful

try to run gimp inside a container for example, you’ll have to give access to your ~/Pictures or whatever for it to be useful

Compared to some photo editing applications on android/iOS which can work without having filesystem access by getting the file through the OS file picker

[go to top]