[SailfishDevel] [Minutes] Sailfish OS Open Source Community Collaboration Meeting, 5th of September 2016

Andrew Penkrat penkrat8 at gmail.com
Wed Sep 7 13:47:25 UTC 2016


On Wednesday, September 7, 2016 4:20:04 PM MSK, Slava Monich 
<slava.monich at jolla.com> wrote:
> Hi Andrew,
> 
>>> To make matters worse, the plugin requirements may change over time, 
>>> meaning that a system upgrade may break the app because the app 
>>> didn't request access to some features required by the updated plugins.
>>
>> Application shouldn't know/care about how does plugin work. Plugins 
>> are parts of the system and shouldn't be sandboxed.
> 
> 
> How to you sandbox a native app without affecting plugins? They all live 
> within the same process, the same virtual address space. I don't think 
> it's possible to reliably track a system call back to the 
> executable/shared library it originated from, even with DEP (data 
> execution prevention) enabled. Without DEP it's plain impossible.
> 
> With the interpreted code like Java it's certainly doable. With the 
> native code, I very much doubt it.
> 
> Cheers,
> Slava
> 
> 

That's why I wrote this:
>>
>> I don't know much about implementation, but Ubuntu Touch somehow 
>> achieves this with AppArmor.
>>

AFAIK, at least for QML plugins it runs them in separate processes and 
application communicates with them via DBus. All seamlessly for developer.

Regards,
Andrew



-- 
Sent using Dekko from my Ubuntu device


More information about the Devel mailing list