Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> that's better done further down the stack

If you do it further down the stack, you break accessibility and automation even more... this has been tried. Doesn't work.

The end goal is to have actually working Android-like sandboxing rather than some broken firejail crap.



So we don't get the security benefits or accessibility. I'm not sure what is being solved. I'm all for a modern display system, I'm just not convinced the security claims are in anyway justified.


How is preventing apps from spying on each other through the display manager not justified? That's the lowest hanging fruit for desktop sandboxing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: