This week in Plasma: Getting #Plasma6.3 into shape, more KRunner searches, better scaling and a whole lot more:
This week in Plasma: Getting #Plasma6.3 into shape, more KRunner searches, better scaling and a whole lot more:
This week in Plasma: Getting #Plasma6.3 into shape, more KRunner searches, better scaling and a whole lot more:
https://blogs.kde.org/2025/01/18/this-week-in-plasma-getting-plasma-6.3-in-great-shape/
@kde@floss.social @kde@lemmy.kde.social
Can you tell us what happens on the "sandbox all the things" goal?
I think this is a pretty crucial step forward, even though #sandbox technologies (most often through user namespaces) are more problematic than I initially thought.
(Basically, user #namespaces open up #privesc dangers to the monolithic #kernel, which is incredible. #Android and #ChromeOS use #LXC, mounts and #SELinux for #sandboxing)
@Rhababerbarbar @kde@lemmy.kde.social
"Sandbox all the things" is not currently a KDE goal.
https://kde.org/goals/
@kde@floss.social @kde@lemmy.kde.social
Thx for the info, then it is like that.
Here is the goal proposal
https://phabricator.kde.org/T17370
Tbh, #bubblewrap would need to be fixed drastically to be as secure as the #Android #sandbox. And (I am not sure yet) I think even #Snaps are more secure (on #Ubuntu with #Apparmor patches) than #Flatpak with the current system.
As far as I understood, sandboxing needs to happen in #userspace, with tools like #fuse doing the work while being restricted by #MAC like #SELinux or Apparmor.