Linux desktop applications are relatively unconstrained by default: they run with the full privileges of the user, so they can read and write the user's home directory, execute any program, and connect to arbitrary network locations. This free access is convenient, but it also means that a misconfigured, buggy or compromised program inherits all of that access.
There are several existing tools that help constrain applications.
Since 2005 (Linux 2.6.12), the kernel has had a "secure computing" feature, seccomp, which restricts the system calls a process may make; the filter mode added in Linux 3.5 (seccomp-bpf) lets a process install an allow/deny policy over individual system calls and their arguments. Firejail is a program that combines seccomp-bpf filters with Linux namespaces (mount, network, PID and others) and capability dropping to sandbox applications, limiting them to the files and interfaces the user allows. Firejail also ships a large set of profiles for popular applications, granting each application the resources it needs and denying the rest.
Another tool is Bubblewrap (bwrap), the sandboxing helper that Flatpak is built on, whose README says:
bubblewrap works by creating a new, completely empty, mount namespace where the root is on a tmpfs that is invisible from the host, and will be automatically cleaned up when the last process exits.
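To make that description concrete, here is an added example of what a per-application sandbox wrapper built on bwrap could look like. It is not code from the original post or from the bubblewrap project; the function names, the SANDBOX_DRY_RUN variable and the store paths used in the comments are assumptions for illustration. The idea is the one the README describes: start from an empty mount namespace and add back only the read-only paths the caller lists, with an empty tmpfs where the real home directory would be.

```shell
#!/bin/sh
# Added example (not from the original post or the bubblewrap project): a minimal
# application wrapper around bwrap. sandbox_run APP [RO_PATH...] runs APP with
# only the listed paths visible, read-only, and an empty home directory.
# Assumes bwrap (https://github.com/containers/bubblewrap) is on PATH when
# actually executing; set SANDBOX_DRY_RUN=1 to print the policy instead.

sandbox_run() {
  app=$1; shift
  # Rewrite every remaining positional argument PATH into the triple
  # "--ro-bind PATH PATH", rotating through the list in place.
  n=$#
  while [ "$n" -gt 0 ]; do
    p=$1; shift
    set -- "$@" --ro-bind "$p" "$p"
    n=$((n - 1))
  done
  # Fixed part of the policy, prepended to the bind triples:
  #   --unshare-all     new user, mount, pid, net, ipc, uts and cgroup namespaces
  #   --new-session     detach from the controlling terminal (no TIOCSTI tricks)
  #   --die-with-parent kill the sandbox if the wrapper dies
  #   --proc/--dev      minimal pseudo-filesystems most programs need
  #   --tmpfs $HOME     an empty home; the real one stays invisible
  set -- --unshare-all --new-session --die-with-parent \
         --proc /proc --dev /dev --tmpfs /tmp --tmpfs "${HOME:-/nonexistent}" \
         "$@" -- "$app"
  if [ "${SANDBOX_DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$@"   # one argument per line, for inspection or testing
    return 0
  fi
  exec bwrap "$@"
}

# sandbox_exposes_home: read a policy (one argument per line, as printed by the
# dry run) on stdin and succeed if any --bind/--ro-bind source is the real home
# directory or lies under it. Useful as a check that a generated profile for a
# desktop application does not quietly hand it the user's files.
sandbox_exposes_home() {
  home=${HOME:-/nonexistent}
  awk -v home="$home" '
    prev ~ /^--(ro-)?bind$/ && ($0 == home || index($0, home "/") == 1) { found = 1 }
    { prev = $0 }
    END { exit found ? 0 : 1 }'
}

# Usage on NixOS (constructed example paths): expose the store and the resolver
# configuration to a program, nothing else.
#   sandbox_run /nix/store/...-hello/bin/hello /nix/store /etc/resolv.conf
# Inspect the policy without running anything:
#   SANDBOX_DRY_RUN=1 sandbox_run /nix/store/...-hello/bin/hello /nix/store
```

Two caveats a practitioner would want stated: --unshare-all requires unprivileged user namespaces (or a setuid bwrap), and it also unshares the network namespace, so a program that needs the network has to be given --share-net explicitly. This wrapper applies no seccomp filter; bwrap can install one passed as a file descriptor with --seccomp, but the BPF program has to be produced elsewhere (libseccomp, or a tool such as Firejail that already ships per-application filters).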
There has been some prior discussion of application sandboxing in NixOS, so it sounds like people are interested. I’m interested in continuing the conversation, focusing on how we can move toward a more comprehensive solution that enables convenient but safe application usage by default.
For example, would it be realistic to create a version of nixpkgs that wraps all application binaries in a firejail/flatpak/bubblewrap sandbox execution environment? If not, what would be a better path forward?