[SailfishDevel] [Minutes] Sailfish OS Open Source Community Collaboration Meeting, 5th of September 2016

Andrew Penkrat penkrat8 at gmail.com
Wed Sep 7 13:47:25 UTC 2016

On Wednesday, September 7, 2016 4:20:04 PM MSK, Slava Monich 
<slava.monich at jolla.com> wrote:
> Hi Andrew,
>>> To make matters worse, the plugin requirements may change over time, 
>>> meaning that a system upgrade may break the app because the app 
>>> didn't request access to some features required by the updated plugins.
>> Application shouldn't know/care about how does plugin work. Plugins 
>> are parts of the system and shouldn't be sandboxed.
> How to you sandbox a native app without affecting plugins? They all live 
> within the same process, the same virtual address space. I don't think 
> it's possible to reliably track a system call back to the 
> executable/shared library it originated from, even with DEP (data 
> execution prevention) enabled. Without DEP it's plain impossible.
> With the interpreted code like Java it's certainly doable. With the 
> native code, I very much doubt it.
> Cheers,
> Slava

That's why I wrote this:
>> I don't know much about implementation, but Ubuntu Touch somehow 
>> achieves this with AppArmor.

AFAIK, at least for QML plugins it runs them in separate processes and 
application communicates with them via DBus. All seamlessly for developer.


Sent using Dekko from my Ubuntu device

More information about the Devel mailing list