Security: Difference between revisions

Line 46:

==== Flatpaks ====

[https://en.wikipedia.org/wiki/Flatpak Flatpak]'ed applications are [https://docs.flatpak.org/en/latest/sandbox-permissions.html sandboxed] and require explicit privilege declaration for most access outside their own path. NixOS includes [https://nixos.org/manual/nixos/unstable/index.html#module-services-flatpak support for Flatpak]. Note that, since Flatpak application dependencies are [https://stackoverflow.com/questions/26217488/what-is-vendoring bundled/vendored], this introduces ~~other security risks for the application~~ [https://blogs.gentoo.org/mgorny/2021/02/19/the-modern-packagers-security-nightmare/]. Also, most application flatpaks [https://flatkill.org/ do no not make meaningful use of the sandbox].

[https://en.wikipedia.org/wiki/Flatpak Flatpak]'ed applications are [https://docs.flatpak.org/en/latest/sandbox-permissions.html sandboxed] and require explicit privilege declaration for most access outside their own path. NixOS includes [https://nixos.org/manual/nixos/unstable/index.html#module-services-flatpak support for Flatpak]. Note that, since Flatpak application dependencies are [https://stackoverflow.com/questions/26217488/what-is-vendoring bundled/vendored], this introduces [https://blogs.gentoo.org/mgorny/2021/02/19/the-modern-packagers-security-nightmare/ other security risks] for the application . Also, most application flatpaks [https://flatkill.org/ do no not make meaningful use of the sandbox].

==== Linux Containers ====

@@ Line 46: / Line 46: @@
 ==== Flatpaks ====
-[https://en.wikipedia.org/wiki/Flatpak Flatpak]'ed applications are [https://docs.flatpak.org/en/latest/sandbox-permissions.html sandboxed] and require explicit privilege declaration for most access outside their own path. NixOS includes [https://nixos.org/manual/nixos/unstable/index.html#module-services-flatpak support for Flatpak]. Note that, since Flatpak application dependencies are [https://stackoverflow.com/questions/26217488/what-is-vendoring bundled/vendored], this introduces other security risks for the application [https://blogs.gentoo.org/mgorny/2021/02/19/the-modern-packagers-security-nightmare/]. Also, most application flatpaks [https://flatkill.org/ do no not make meaningful use of the sandbox].
+[https://en.wikipedia.org/wiki/Flatpak Flatpak]'ed applications are [https://docs.flatpak.org/en/latest/sandbox-permissions.html sandboxed] and require explicit privilege declaration for most access outside their own path. NixOS includes [https://nixos.org/manual/nixos/unstable/index.html#module-services-flatpak support for Flatpak]. Note that, since Flatpak application dependencies are [https://stackoverflow.com/questions/26217488/what-is-vendoring bundled/vendored], this introduces [https://blogs.gentoo.org/mgorny/2021/02/19/the-modern-packagers-security-nightmare/ other security risks] for the application . Also, most application flatpaks [https://flatkill.org/ do no not make meaningful use of the sandbox].
 ==== Linux Containers ====