[SailfishDevel] [Minutes] Sailfish OS Open Source Community Collaboration Meeting, 5th of September 2016
Tone Kastlunger
users.giulietta at gmail.com
Thu Sep 8 06:23:32 UTC 2016
s/project/process heh
On Thu, Sep 8, 2016 at 9:23 AM, Tone Kastlunger <users.giulietta at gmail.com>
wrote:
> QML plugins in a separate project - something is amiss here; but anyways.
> It is fairly easy to evaluate a technology for a certain use in my
> opinion; especially if that technology is not new and has been used
> (SELinux has),
> and ESPECIALLY if it has been used in the same context already (i.e.
> Android).
> Slava, you mention about ABI compatibility; how does Android solve this?
> Is this a problem for Android as well?
> Applications on android request access on install already; i.e. they
> provide a manifest to do so, not during runtime.
> It is a plus for SELinux, that having it would remove some entries from
> the porting from android task list (potentially).
>
> Think about this from different angles;
>
> what do developers want?
> what do developers *need*?
> what consequences will the choice that is made have? how will they
> influence development?
> how will this tech be used? By whom?
>
>
>
>
>
>
> On Wed, Sep 7, 2016 at 4:47 PM, Andrew Penkrat <penkrat8 at gmail.com> wrote:
>
>> On Wednesday, September 7, 2016 4:20:04 PM MSK, Slava Monich <
>> slava.monich at jolla.com> wrote:
>>
>>> Hi Andrew,
>>>
>>> To make matters worse, the plugin requirements may change over time,
>>>>> meaning that a system upgrade may break the app because the app didn't
>>>>> request access to some features required by the updated plugins.
>>>>>
>>>>
>>>> Application shouldn't know/care about how does plugin work. Plugins are
>>>> parts of the system and shouldn't be sandboxed.
>>>>
>>>
>>>
>>> How to you sandbox a native app without affecting plugins? They all live
>>> within the same process, the same virtual address space. I don't think it's
>>> possible to reliably track a system call back to the executable/shared
>>> library it originated from, even with DEP (data execution prevention)
>>> enabled. Without DEP it's plain impossible.
>>>
>>> With the interpreted code like Java it's certainly doable. With the
>>> native code, I very much doubt it.
>>>
>>> Cheers,
>>> Slava
>>>
>>>
>>>
>> That's why I wrote this:
>>
>>>
>>>> I don't know much about implementation, but Ubuntu Touch somehow
>>>> achieves this with AppArmor.
>>>>
>>>>
>> AFAIK, at least for QML plugins it runs them in separate processes and
>> application communicates with them via DBus. All seamlessly for developer.
>>
>> Regards,
>> Andrew
>>
>>
>>
>> --
>> Sent using Dekko from my Ubuntu device
>> _______________________________________________
>> SailfishOS.org Devel mailing list
>> To unsubscribe, please send a mail to devel-unsubscribe at lists.sailfi
>> shos.org
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.sailfishos.org/pipermail/devel/attachments/20160908/999849e0/attachment.html>
More information about the Devel
mailing list