Talk:Packaging/Binaries

From NixOS Wiki
Revision as of 00:00, 8 October 2021 by imported>Nix (on Microsoft's recent work to bring graphical Linux VMs to Windows and how that might be applied on Linux too)

Latest comment: 7 October 2021 by Nix in topic untrusted binaries

untrusted binaries

Latest comment: 7 October 20214 comments2 people in discussion

packaging and running untrusted binaries on nixos?

for example jdownloader is closed source, so i want to limit access to files, clipboard, etc.

--Milahu (talk) 16:47, 1 October 2021 (UTC)Reply

A virtual machine is most robust. X11docker a good combo; x11docker supports Kata Containers, which aims to combine the security of VMs with speed of containers. Security a good page for this too. Spectrum OS is a Nix-based design with similar aims; they were looking at crosvm with virtio_wl. — Nix (talk) 09:24, 2 October 2021 (UTC)Reply
There is a demo here: https://alyssa.is/using-virtio-wl/#demoNix (talk) 09:28, 2 October 2021 (UTC)Reply
Another relevant approach is Microsoft's development of VAIL with RDP (extending Wayland's Weston compositing manager's RDP support) in order to support low-latency zero-copy GPU-accelerated X11/Wayland-graphical Linux virtual machines on Windows. The same technology could be deployed very similarly with a Linux-guest-on-Linux-host approach for the sake of of security. — Nix (talk) 23:59, 7 October 2021 (UTC)Reply
Retrieved from "https://wiki.nixos.org/w/index.php?title=Talk:Packaging/Binaries&oldid=9351"