I know, I’ve looked a lot into chroot escapes for other projects. That’s why I didn’t suggest using chroots for isolating processes. It’s only to have the base system and app data on 2 different images.
sandbox-app-launcher is what would be used for isolating apps. We’d chroot, then run the app in sandbox-app-launcher.
Create a wrapper that runs sudo apt install -o Dir=/apps pkg-name, or maybe we can add an apt configuration file.
It should, hence the -o Dir=/apps.
I think it might be good to allow the user to install their own programs but Debian has so much generic system stuff in the repos other than actual apps that might make this problematic.
I haven’t seen full system MAC policies on desktop Linux either yet we have apparmor-profile-everything.
We should probably look into the update_engine thing Daniel Micay talked about.
The same chroot.
Yes.
That would be trivial to implement. We just need to create /shared-storage or similar.
sandbox-app-launcher would drop privileges (sudo -H -u "${app_user}").
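Added example (not code from the thread or from sandbox-app-launcher) of the wrapper idea from this post: it builds and runs apt install -o Dir=/apps for one package, and rejects anything that is not a plain Debian package name so a caller cannot sneak extra apt options through the wrapper. The APPS_ROOT variable, the function names and the APPS_DRY_RUN switch are assumptions made for the example; the apt configuration file alternative is shown in a comment.

```shell
#!/bin/sh
# Added example, not the project's code. Assumes /apps is the root of the
# apps image (override with APPS_ROOT) and that the caller may use sudo.
# Alternative to the -o flag mentioned in the post: point apt at a separate
# config file instead of editing the global one, e.g.
#   APT_CONFIG=/etc/apps-apt.conf apt-get install pkg-name
# where /etc/apps-apt.conf contains:   Dir "/apps";
# (a file in /etc/apt/apt.conf.d/ would redirect every apt run, which is
# usually not what you want).

APPS_ROOT="${APPS_ROOT:-/apps}"

# Accept only Debian package-name characters and refuse a leading "-",
# so a name such as "-o Dir=/" cannot be turned into an apt option.
valid_pkg_name() {
    case "$1" in
        ''|-*|*[!a-z0-9.+-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Compose the apt command as a single string so it can be inspected/tested.
# "--" keeps apt from parsing the package name as an option.
build_apt_cmd() {
    pkg="$1"
    valid_pkg_name "$pkg" || return 1
    printf 'apt-get install -o Dir=%s -- %s' "$APPS_ROOT" "$pkg"
}

# Install into the apps root. With APPS_DRY_RUN=1 only print the command.
apps_install() {
    cmd="$(build_apt_cmd "$1")" || { echo "invalid package name: $1" >&2; return 2; }
    [ -d "$APPS_ROOT" ] || { echo "$APPS_ROOT does not exist" >&2; return 3; }
    if [ "${APPS_DRY_RUN:-0}" = 1 ]; then
        echo "$cmd"
    else
        # shellcheck disable=SC2086  # word splitting is intended; the name was validated
        sudo $cmd
    fi
}

# Usage: APPS_DRY_RUN=1 ./apps-install firefox-esr
[ "${1:-}" ] && apps_install "$1"
```

The validation is the part worth keeping whatever form the wrapper ends up taking: once the wrapper runs under sudo, the package name is the only untrusted input, and apt's option parser is the thing it must never reach.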