[Linux-aus] LCA Lecture about sandboxing desktop apps
Trent Lloyd
trent at lloyd.id.au
Tue Jun 20 11:47:41 AEST 2023
Russell,
> On 20 Jun 2023, at 8:44 am, Russell Coker via linux-aus <linux-aus at lists.linux.org.au> wrote:
>
> On Tuesday, 20 June 2023 00:25:17 AEST Andrew Reimers via linux-aus wrote:
>> Have you looked into QubesOS? (https://www.qubes-os.org/)
>>
>> It uses VMs to isolate different desktop applications. And has a security
>> model that doesn't outright suck.
>>
>> We did a couple of LCA talks on what it is and why people should use it.
>>
>> I guess its biggest disadvantages are:
>>
>> - It can be a bit of a memory hog. (Especially if you start launching 4x
>> copies of firefox in different networking contexts)
>> - Applications can't access the GPU, and must be fully software rendered
>
> Thanks for the information, I had heard of Qubes before, I wasn't aware of the
> GPU issue but I was aware of the memory issue.
>
> The scenario I'm most interested in at this time is mobile phones where memory
> is limited and CPUs are somewhat slow and also less energy efficient for
> rendering type tasks than the GPU. So Qubes probably won't fit, and even Snap
> probably won't work. But something along similar lines could.
>
> Qubes definitely solves some problems quite well.
>
> I've added some Qubes videos to my watch list, not to use Qubes but to see how
> you dealt with some of the technical challenges and work out other ways of
> achieving comparable results.
>
> Also for Qubes have you tried to address the issue of multiple types of data
> on the same device, EG company and personal data? Something similar in
> concept to Samsung's Knox.
I recently read this article:
https://privsec.dev/posts/linux/desktop-linux-hardening
Various interesting bits, but in particular it linked me to a couple of AppArmor profile repositories, which I hadn't previously heard of, that try to contain much more of the system, or even the entire system including systemd etc. They may be of interest. By default Ubuntu only applies AppArmor profiles to various specific bits of software, and not too many of them (except snaps, which use AppArmor for much of their isolation work):
https://github.com/Kicksecure/apparmor-profile-everything
https://github.com/krathalan/apparmor-profiles
According to another article (it seems to have been a popular topic lately) ChromeOS apparently is also sandboxing everything including the system processes, and you may find some inspiration there. I got that from this article:
https://bjornpagen.com/en_US/desktop%20linux%20is%20insecure
There are also a few interesting tidbits in the Hacker News comments on both articles.
Though not a complete solution, I hope that maybe gives you some interesting reference material to build from.
Cheers,
Trent
https://fosstodon.org/@lathiat
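A quick way to see for yourself how little of a default Ubuntu desktop is actually confined is to read the kernel's loaded-profile list. The script below is an added example for this thread, not code from the post or from either linked profile repository: it parses the "<profile name> (<mode>)" lines that securityfs exposes at /sys/kernel/security/apparmor/profiles (readable as root once securityfs is mounted) and reports per-profile mode. The SAMPLE list and the APPARMOR_PROFILES override variable are constructed for the example and not taken from a real host.

```shell
#!/bin/sh
# Added example (not from the original post or the linked repositories):
# summarise which AppArmor profiles the running kernel has loaded and in
# which mode, by parsing the "<profile name> (<mode>)" lines the kernel
# exposes at /sys/kernel/security/apparmor/profiles.

# APPARMOR_PROFILES is an assumed override so the script can be pointed at a
# saved copy of the file; it is not an AppArmor convention.
PROFILES_FILE="${APPARMOR_PROFILES:-/sys/kernel/security/apparmor/profiles}"

# Constructed sample of that file's shape (not captured from a real machine):
# a stock desktop with a few stock profiles and a couple of snaps installed.
SAMPLE='/usr/sbin/cupsd (enforce)
/usr/bin/man (enforce)
/usr/bin/man//man_filter (enforce)
/usr/lib/snapd/snap-confine (enforce)
snap.firefox.firefox (enforce)
snap-update-ns.firefox (enforce)
/usr/bin/evince (complain)'

# count_mode MODE  (profile list on stdin) -> number of profiles in MODE.
# Only "enforce" profiles actually deny; "complain" profiles just log.
count_mode() {
    awk -v m="($1)" '$NF == m' | wc -l | tr -d ' '
}

# profile_mode NAME  (profile list on stdin) -> "enforce", "complain", or
# "unconfined" when no profile with exactly that name (a binary path or a
# snap.<snap>.<app> label) is loaded.
profile_mode() {
    awk -v n="$1" '$1 == n { m = $NF; gsub(/[()]/, "", m); print m; found = 1 }
                   END { if (!found) print "unconfined" }'
}

# summarise  (profile list on stdin) -> one-line report of the two counts.
summarise() {
    list=$(cat)
    e=$(printf '%s\n' "$list" | count_mode enforce)
    c=$(printf '%s\n' "$list" | count_mode complain)
    printf 'AppArmor: %s profiles in enforce mode, %s in complain mode\n' "$e" "$c"
}

# Use the live kernel list when it is readable, otherwise the sample.
if [ -r "$PROFILES_FILE" ]; then
    INPUT=$(cat "$PROFILES_FILE")
else
    INPUT="$SAMPLE"
fi

printf '%s\n' "$INPUT" | summarise
for name in /usr/bin/firefox snap.firefox.firefox /usr/bin/evince; do
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$INPUT" | profile_mode "$name")"
done
```

On a real host the interesting part is what is missing from the list: a .deb-installed browser or mail client typically has no entry at all, which is exactly the gap the two profile repositories above try to close.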