Comment by cosmic_cheese

6 days ago

They only cover the user-facing app part of the story. The rest of the system needs isolation and safeguards, too, including things like the desktop environment and whatever random daemon.

A solution that's integral to the system and not just loosely taped on is required.

For many services that was solved even earlier: that's why things like Docker, podman and VMs are so popular.

The hard bit is the desktop experience which is not fully there yet, but the technology is.

  • Docker-style containerization technically works, but for desktop use I think it is a rather heavy kludge and not really a solution.

    It would be much nicer if e.g. daemons could have their privileges pared down to only exactly what they need to function and nothing more with a config file somewhere. This can somewhat be achieved with the user system, but that really doesn’t scale well and doesn’t suit the purpose all that well in some ways.