[SailfishDevel] [Minutes] Sailfish OS Open Source Community Collaboration Meeting, 5th of September 2016
Andrew Penkrat
penkrat8 at gmail.com
Wed Sep 7 13:47:25 UTC 2016
On Wednesday, September 7, 2016 4:20:04 PM MSK, Slava Monich
<slava.monich at jolla.com> wrote:
> Hi Andrew,
>
>>> To make matters worse, the plugin requirements may change over time,
>>> meaning that a system upgrade may break the app because the app
>>> didn't request access to some features required by the updated plugins.
>>
>> Application shouldn't know/care about how does plugin work. Plugins
>> are parts of the system and shouldn't be sandboxed.
>
>
> How to you sandbox a native app without affecting plugins? They all live
> within the same process, the same virtual address space. I don't think
> it's possible to reliably track a system call back to the
> executable/shared library it originated from, even with DEP (data
> execution prevention) enabled. Without DEP it's plain impossible.
>
> With the interpreted code like Java it's certainly doable. With the
> native code, I very much doubt it.
>
> Cheers,
> Slava
>
>
That's why I wrote this:
>>
>> I don't know much about implementation, but Ubuntu Touch somehow
>> achieves this with AppArmor.
>>
AFAIK, at least for QML plugins it runs them in separate processes and
application communicates with them via DBus. All seamlessly for developer.
Regards,
Andrew
--
Sent using Dekko from my Ubuntu device
More information about the Devel
mailing list