[SailfishDevel] [Minutes] Sailfish OS Open Source Community Collaboration Meeting, 5th of September 2016

Slava Monich slava.monich at jolla.com
Wed Sep 7 13:20:04 UTC 2016

Hi Andrew,

>> To make matters worse, the plugin requirements may change over time, 
>> meaning that a system upgrade may break the app because the app 
>> didn't request access to some features required by the updated plugins.
> Application shouldn't know/care about how does plugin work. Plugins 
> are parts of the system and shouldn't be sandboxed.

How to you sandbox a native app without affecting plugins? They all live 
within the same process, the same virtual address space. I don't think 
it's possible to reliably track a system call back to the 
executable/shared library it originated from, even with DEP (data 
execution prevention) enabled. Without DEP it's plain impossible.

With the interpreted code like Java it's certainly doable. With the 
native code, I very much doubt it.


> I don't know much about implementation, but Ubuntu Touch somehow 
> archives this with AppArmor.
> Regards,
> Andrew

More information about the Devel mailing list