zlacker

1. okanat+(OP) 2026-02-04 00:50:13
The containers are literally the "bolting on". You need to give the illusion that the software is running under a full OS, but you can actually mount the system directories as read-only.
2. akdev1+kn 2026-02-04 03:51:28
>>okanat+(OP)
And you still need to mount volumes and add all sorts of holes in the sandbox for applications to work correctly and/or be useful.

Try to run GIMP inside a container, for example: you’ll have to give it access to your ~/Pictures or whatever for it to be useful.

Compared to some photo editing applications on Android/iOS, which can work without having filesystem access by getting the file through the OS file picker.

3. int_19+Uq7 2026-02-06 02:45:18
>>akdev1+kn
What we need is a model similar to Google+ circles, if anyone can remember that.

Basically a thing that I could assign 1) apps and 2) content to. Apps can access all content in all circles they are assigned to. Circles can overlap arbitrarily so you can do things like having apps A,B,C share access to documents X,Y but only A,B have access to Z etc.
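
The circle model described in the comment above, sketched as a default-deny access check with an audit view. This is an added example, not part of the original comment; the class `CircleACL`, its methods and the circle names `shared` and `restricted` are hypothetical.

```python
class CircleACL:
    """Default-deny access model: an app may open an item only if both
    are assigned to at least one common circle."""

    def __init__(self):
        self.apps = {}     # circle name -> set of apps
        self.content = {}  # circle name -> set of content items

    def assign(self, circle, apps=(), content=()):
        self.apps.setdefault(circle, set()).update(apps)
        self.content.setdefault(circle, set()).update(content)

    def unassign_content(self, circle, item):
        # Revokes access only for apps that share no other circle with the item.
        self.content.get(circle, set()).discard(item)

    def can_access(self, app, item):
        return any(app in members and item in self.content.get(circle, ())
                   for circle, members in self.apps.items())

    def reachable(self, app):
        """Everything an app can open: union over the circles it is in."""
        out = set()
        for circle, members in self.apps.items():
            if app in members:
                out |= self.content.get(circle, set())
        return out

    def readers(self, item):
        """Audit view: every app that can open the item."""
        out = set()
        for circle, items in self.content.items():
            if item in items:
                out |= self.apps.get(circle, set())
        return out


def build_example():
    # Constructed sample matching the comment: A, B, C share X and Y; only A and B get Z.
    acl = CircleACL()
    acl.assign("shared", apps={"A", "B", "C"}, content={"X", "Y"})
    acl.assign("restricted", apps={"A", "B"}, content={"Z"})
    return acl


if __name__ == "__main__":
    acl = build_example()
    for app in "ABC":
        print(app, sorted(acl.reachable(app)))
    print("Z readers:", sorted(acl.readers("Z")))
```

Because circles overlap, removing an item from one circle leaves it reachable to any app that shares another circle with it, so `readers()` is the view to check after a change.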
