#namespaces

boredsquirrel

@kde@floss.social @kde@lemmy.kde.social

Can you tell us what happens on the "sandbox all the things" goal?

I think this is a pretty crucial step forward, even though #sandbox technologies (most often through user namespaces) are more problematic than I initially thought.

(Basically, user #namespaces open up #privesc dangers to the monolithic #kernel, which is incredible. #Android and #ChromeOS use #LXC, mounts and #SELinux for #sandboxing)

lj·rk

So, anyone here with #Nix and/or #Silverblue + a bit of deeper container/#podman and #namespaces knowledge?

I, again, am thinking about combining Silverblue as my base system with a more complex Nix setup to replace toolbox (which is effectively a separate whole Linux to maintain or throw away regularly, or build a CI for to create new images, etc. -- nah).

Now, Nix works fine, but it needs to store things under /nix because most binaries are prefix dependent and not portable in their location. But what if I download the nix store to $HOME/.nix instead and then launch a light-weight throw-away container/namespace that simply maps $HOME/.nix to /nix but keeps everything else identical?

Would that work? Did someone already build that stuff?