Sandboxed applications for GNOME

Lennart Poettering

Currently, shipping applications for GNOME is hard. You have to deal with a multitude of distributions, each with numerous different library versions and patch levels. API stability is weak, and testing sufficiently against all of this is difficult. To get your application into the hands of users you have to convince the distributions to package it.

Currently, downloading and running applications for GNOME is cumbersome and potentially dangerous. You have to find the application pre-built for your distribution and architecture in the right version, and when you run it you need to trust the author or distributor that the code is safe and doesn't contain backdoors or trojan horses, because applications run with the full privileges of your user.

Other operating systems feature app sandboxes that isolate applications from the OS and thereby provide greater security, manageability and API stability. We want the same for Linux and GNOME, to make it easier both to ship and to consume GNOME applications. This talk will introduce you to our plans to implement this for Linux and GNOME, within the systemd project. We'll talk about the steps required to get there, ranging from kernel and plumbing-layer issues, to GNOME platform changes, all the way to what this means for GNOME applications.