Talk:Packaging/Binaries

packaging and running untrusted binaries on nixos?

• NixOS Containers?
• firejail?
• virtual machine?
• https://github.com/mviereck/x11docker - "Run GUI applications and desktops in docker. Focus on security." (via stackexchange)

for example jdownloader is closed source, so i want to limit access to files, clipboard, etc.

--Milahu (talk) 16:47, 1 October 2021 (UTC)Reply

A virtual machine is most robust. X11docker a good combo; x11docker supports Kata Containers, which aims to combine the security of VMs with speed of containers. Security a good page for this too. Spectrum OS is a Nix-based design with similar aims; they were looking at crosvm with virtio_wl. — Nix Nix (talk) 09:24, 2 October 2021 (UTC)Reply