Talk:Packaging/Binaries: Difference between revisions

From NixOS Wiki
Latest comment: 7 October 2021 by Nix in topic untrusted binaries
imported>Nix
No edit summary
imported>Nix
on Microsoft's recent work to bring graphical Linux VMs to Windows and how that might be applied on Linux too
:: There is a demo here: https://alyssa.is/using-virtio-wl/#demo — [[User:Nix|Nix]] ([[User talk:Nix|talk]]) 09:28, 2 October 2021 (UTC)
: Another relevant approach is Microsoft's [https://xdc2020.x.org/event/9/contributions/611/attachments/702/1298/XDC2020_-_X11_and_Wayland_applications_in_WSL.pdf development of VAIL with RDP] (extending Wayland's Weston compositing manager's RDP support) in order to support low-latency zero-copy GPU-accelerated X11/Wayland-graphical Linux virtual machines on Windows. The same technology could be deployed very similarly with a Linux-guest-on-Linux-host approach for the sake of security. — [[User:Nix|Nix]] ([[User talk:Nix|talk]]) 23:59, 7 October 2021 (UTC)

Revision as of 00:00, 8 October 2021

untrusted binaries

packaging and running untrusted binaries on nixos?

for example jdownloader is closed source, so i want to limit access to files, clipboard, etc.

--Milahu (talk) 16:47, 1 October 2021 (UTC)

A virtual machine is most robust. X11docker is a good combo; x11docker supports Kata Containers, which aims to combine the security of VMs with the speed of containers. Security is a good page for this too. Spectrum OS is a Nix-based design with similar aims; they were looking at crosvm with virtio_wl. — Nix (talk) 09:24, 2 October 2021 (UTC)
There is a demo here: https://alyssa.is/using-virtio-wl/#demo — Nix (talk) 09:28, 2 October 2021 (UTC)
Another relevant approach is Microsoft's development of VAIL with RDP (extending Wayland's Weston compositing manager's RDP support) in order to support low-latency zero-copy GPU-accelerated X11/Wayland-graphical Linux virtual machines on Windows. The same technology could be deployed very similarly with a Linux-guest-on-Linux-host approach for the sake of security. — Nix (talk) 23:59, 7 October 2021 (UTC)