Security: Difference between revisions
imported>Nix →SELinux: add link |
imported>Nix →Flatpaks: flatpak reference |
||
| Line 46: | Line 46: | ||
==== Flatpaks ==== | ==== Flatpaks ==== | ||
[https://en.wikipedia.org/wiki/Flatpak Flatpak]'ed applications are [https://docs.flatpak.org/en/latest/sandbox-permissions.html sandboxed] and require explicit privilege declaration for most access outside their own path. NixOS includes [https://nixos.org/manual/nixos/unstable/index.html#module-services-flatpak support for Flatpak]. Note that, since Flatpak application dependencies are [https://stackoverflow.com/questions/26217488/what-is-vendoring bundled/vendored], this introduces other security risks for the application [https://blogs.gentoo.org/mgorny/2021/02/19/the-modern-packagers-security-nightmare/]. | [https://en.wikipedia.org/wiki/Flatpak Flatpak]'ed applications are [https://docs.flatpak.org/en/latest/sandbox-permissions.html sandboxed] and require explicit privilege declaration for most access outside their own path. NixOS includes [https://nixos.org/manual/nixos/unstable/index.html#module-services-flatpak support for Flatpak]. Note that, since Flatpak application dependencies are [https://stackoverflow.com/questions/26217488/what-is-vendoring bundled/vendored], this introduces other security risks for the application [https://blogs.gentoo.org/mgorny/2021/02/19/the-modern-packagers-security-nightmare/]. Also, most application flatpaks [https://flatkill.org/ do no not make meaningful use of the sandbox]. | ||
==== Linux Containers ==== | ==== Linux Containers ==== | ||