Talk:Packaging/Binaries: Difference between revisions
Latest comment: 2 October 2021 by Nix in topic untrusted binaries
imported>Nix No edit summary |
imported>Nix add Spectrum |
||
| Line 12: | Line 12: | ||
--[[User:Milahu|Milahu]] ([[User talk:Milahu|talk]]) 16:47, 1 October 2021 (UTC) | --[[User:Milahu|Milahu]] ([[User talk:Milahu|talk]]) 16:47, 1 October 2021 (UTC) | ||
: A virtual machine is most robust. X11docker a good combo; x11docker supports [https://katacontainers.io/ Kata Containers], which aims to combine the security of VMs with speed of containers. [[Security]] a good page for this too. — [[User:Nix|Nix]] ([[User talk:Nix|talk]]) 09: | : A virtual machine is most robust. X11docker a good combo; x11docker supports [https://katacontainers.io/ Kata Containers], which aims to combine the security of VMs with speed of containers. [[Security]] a good page for this too. [https://spectrum-os.org/design.html Spectrum OS] is a Nix-based design with similar aims; they were looking at crosvm with virtio_wl. — [[User:Nix|Nix]] [[User:Nix|Nix]] ([[User talk:Nix|talk]]) 09:24, 2 October 2021 (UTC) | ||
Revision as of 09:25, 2 October 2021
untrusted binaries
packaging and running untrusted binaries on nixos?
- NixOS Containers?
- firejail?
- virtual machine?
- https://github.com/mviereck/x11docker - "Run GUI applications and desktops in docker. Focus on security." (via stackexchange)
for example jdownloader is closed source, so i want to limit access to files, clipboard, etc.
--Milahu (talk) 16:47, 1 October 2021 (UTC)
- A virtual machine is most robust. X11docker a good combo; x11docker supports Kata Containers, which aims to combine the security of VMs with speed of containers. Security a good page for this too. Spectrum OS is a Nix-based design with similar aims; they were looking at crosvm with virtio_wl. — Nix Nix (talk) 09:24, 2 October 2021 (UTC)