[kwlug-disc] linux distro ... -> sandboxed runtimes

Mikalai Birukou mb at 3nsoft.com
Tue Oct 21 10:08:51 EDT 2025


There is an important aspect to sandboxed runtimes. A sandbox doesn't 
allow a program to "do anything" and requires permissions, ... but who 
should be passing the judgement call: the "Big Store" or the "little user/me"?

Context quote:

> My own personal experience with Snap as a developer is such that I won't allow Snap on any of my machines. When I was working on the Curv open source project, a contributor created a snap package for Curv. I tested it, and it didn't work on my machine due to a sandboxing problem. But Blender, another 3D modelling program, did work on my machine in snap form. The difference was in the sandboxing parameters. I asked the contributor to use the same sandboxing parameters for the Curv snap as was used by the Blender snap. The answer was: this is impossible, because Canonical would not accept the Curv snap with those parameters, and therefore it was impossible to distribute the snap. Only Canonical had the power to allow Curv to run correctly, and the Curv project did not have the same level of political power as the Blender project, so we were out of luck.

Let's replace: snap -> Android Google Play store, parameters for Curv -> 
permission to use the camera, -- and we would get a similar situation where 
another "Big Store" makes decisions on behalf of users, ... to protect, 
of course, ... while removing any freedom from users, by removing 
competition.

The argument would then go: "how could the little user/me know?"

Let me come back to the short discussion at our October meeting:
- many of these systems with sandboxed runtimes for apps have explicit 
permission parameters, in manifests.
- tools can be made to analyze the relationships and give the "little user" 
actionable suggestions. The information is there, in every user's system.
- such tools were not observed, even by those who are tasked with 
making information-security judgements.

What if there is meaningful help for the "little user" in setting 
permissions? Then the "free world" stops being a synonym for "dangerous 
world".
What if it is a "middle user", an organization's admin? Then we can have a 
secure organization context without giving all controls to "Big Co's", 
with their tendencies.

Note that browsers are also similar sandboxed runtimes, and many learn the 
phrase "User Agent" first in the browser context. Hence, experience with 
browsers is also relevant here.
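
To make the "tools can be made to analyze relationships" point concrete, 
here is an added example, not part of the original post and not a tool from 
the snap or Android projects. It reads the plug list from a snap.yaml and 
the uses-permission list from an AndroidManifest.xml (both constructed 
samples), maps them onto a small capability table that is an assumption, 
and reports the permission combinations a "little user" would want to act 
on, with the real `snap disconnect` command as the local next step. The 
snap.yaml parsing handles only the flow-list form of `plugs`.

```python
"""Toy "little user" permission advisor (added example, not from the post).

Reads the declarations already on a user's machine, maps two vocabularies
(snap interfaces, Android permissions) onto shared tags, and reports
risky *combinations*.  Mapping, risk table and samples are assumptions."""
import re
import xml.etree.ElementTree as ET

# Constructed sample snap.yaml, flow-list form of `plugs`.
SNAP_YAML = """\
name: curv
apps:
  curv:
    command: bin/curv
    plugs: [home, x11, opengl, network, removable-media]
"""

# Constructed sample AndroidManifest.xml.
ANDROID_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.viewer">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Assumed mapping of snap interfaces / Android permissions onto shared tags.
CAPABILITY = {
    "home": "user-files", "removable-media": "user-files",
    "network": "net", "camera": "camera", "audio-record": "mic",
    "x11": "display", "opengl": "display",
    "android.permission.CAMERA": "camera",
    "android.permission.INTERNET": "net",
    "android.permission.RECORD_AUDIO": "mic",
    "android.permission.READ_CONTACTS": "contacts",
}

# Relationships a single manifest line never shows: a local-only camera app
# and a camera app with network access are different things.  Assumed table.
RISKY_PAIRS = {
    frozenset({"camera", "net"}): "can capture images and send them out",
    frozenset({"mic", "net"}): "can record audio and send it out",
    frozenset({"contacts", "net"}): "can read contacts and upload them",
    frozenset({"user-files", "net"}): "can read your files and upload them",
}


def snap_plugs(snap_yaml):
    """Collect interfaces from every `plugs: [a, b, ...]` line (flow form only)."""
    plugs = set()
    for m in re.finditer(r"^\s*plugs:\s*\[([^\]]*)\]", snap_yaml, re.M):
        plugs.update(p.strip() for p in m.group(1).split(",") if p.strip())
    return plugs


def android_permissions(manifest_xml):
    """Collect every <uses-permission android:name=...> value."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NAME) for e in root.iter("uses-permission")
            if e.get(ANDROID_NAME)}


def capabilities(declared):
    """Map declared names onto tags; unknown names are kept, not dropped."""
    return {CAPABILITY.get(name, "unknown:" + name) for name in declared}


def advise(declared, snap_name=None):
    """Return (sorted pair, why, next step) for each risky combination.

    With `snap_name`, the next step is the real `snap disconnect` command,
    i.e. the lever the local user (not the store) holds."""
    caps = capabilities(declared)
    findings = []
    for pair, why in RISKY_PAIRS.items():
        if pair <= caps:
            step = (f"snap disconnect {snap_name}:network" if snap_name
                    else "revoke network or the data permission in app settings")
            findings.append((tuple(sorted(pair)), why, step))
    for name in sorted(c for c in caps if c.startswith("unknown:")):
        findings.append(((name,), "not in the local table; review manually", "n/a"))
    return findings


if __name__ == "__main__":
    for label, declared, snap in (
            ("snap curv", snap_plugs(SNAP_YAML), "curv"),
            ("android viewer", android_permissions(ANDROID_MANIFEST), None)):
        print(f"== {label}: {sorted(declared)}")
        for pair, why, step in advise(declared, snap):
            print(f"  {'+'.join(pair)}: {why} -> {step}")
```

Run as a script it lists, per app, the flagged pairs and the command to run. 
The point of the pair table rather than a per-permission list is that the 
judgement "camera is fine, camera plus network is not" is one a local user 
or an organization's admin can make from data already on the machine.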




More information about the kwlug-disc mailing list