[sane-devel] Sandboxing scanner applications

Bastien Nocera hadess at hadess.net
Sat Sep 19 16:07:54 BST 2020


On Sat, 2020-09-19 at 07:55 -0400, Kelly Price wrote:
> The question I have is... how strong is the Flatpak sandbox? 

Flatpak's sandbox is as strong as you set it up to be, stronger using
Wayland than X11, stronger when there's no network access, stronger
when there's no direct file access, etc. And it uses the same kernel
technology as docker, and plenty of other container software.

>  Will it
> allow such a deal?

I don't understand what that means.

> On Sat, Sep 19, 2020 at 7:42 AM Alexander Pevzner <pzz at apevzner.com>
> wrote:
> > 
> > On 9/19/20 12:25 PM, Bastien Nocera wrote:
> > > Sealed memfds, passed via D-Bus, that's 1/2GB in all :)
> > 
> > If D-Bus can pass an arbitrary file descriptor, it can be used to
> > pass
> > AF_UNIX socket, allowing usage of "network" transport without
> > actual
> > access to networking, and saving 1/2GB of memfs :-)
> > 
> > --
> > 
> >         Wishes, Alexander Pevzner (pzz at apevzner.com)
> > 
> 
> 





More information about the sane-devel mailing list