[arch-general] [arch-dev-public] linux 3.16 in [testing]

Carl Schaefer schaefer at trilug.org
Sat Aug 16 11:18:51 EDT 2014


> >> If you give me a valid use case for USER_NS, I might reconsider, but
> >> every use case I can imagine is crushed by the limitations of the
> >> implementation.
> > 
> > The use case is that you don't need root access to start a container.
> > I can run Firefox with a limited view to the filesystem for example,
> > as a normal user.
> > Or limited view to the network, for ex. just ipv4, just ipv6, just vpn.
> 
> It's not possible to sandbox an X11 application externally, so Firefox
> isn't a good example. The ability to see the contents of every window,
> draw arbitrary stuff in the windows, capture every input event without
> focus, etc. completely breaks it.

Has anybody tried Qubes?

  https://qubes-os.org/

It appears to be designed to address that problem:

        Qubes implements a Security by Isolation approach by providing
        the user with the ability to easily create many security
        domains. These domains are implemented as lightweight Virtual
        Machines (VMs) running under the Xen hypervisor. Qubes' main
        objective is to provide strong isolation between these domains,
        so that even if an attacker compromises one of the domains, the
        others are still safe. Qubes, however, does not attempt to
        provide any security isolation for applications running within
        the same domain. For example, a buggy web browser running in a
        Qubes domain could still be compromised just as easily as on a
        regular Linux distribution. The difference that Qubes makes is
        that now the attacker doesn't have access to all the software
        running in the other domains.
        
        Qubes also provides a number of mechanisms that make it easy and
        convenient for the user to run multiple domains, such as
        seamless GUI integration onto one common desktop, secure
        clipboard copy and paste between domains, secure file transfer
        between domains, disposable VMs, and much more. Qubes also
        provides an advanced networking infrastructure that allows for
        the creation of multiple network VMs (which isolate all the
        world-facing networking stacks) and proxy VMs which can be used
        for advanced VPN and tunnelling over untrusted connections.
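
The quoted exchange above turns on whether an unprivileged user can build a container with "a limited view to the filesystem" via USER_NS. The following program is an added example, not code from any participant in this thread or from the Qubes project: it creates a user namespace and a mount namespace without root, maps the caller's uid to 0 inside the namespace, mounts an empty tmpfs over a directory so the sandboxed process can no longer see its contents, and verifies that result. It assumes a Linux kernel built with CONFIG_USER_NS and a system that permits unprivileged user-namespace creation (a hardening sysctl or a seccomp policy will make `unshare` fail with EPERM, which the code reports rather than hides); the function names `make_id_map`, `userns_hide_dir` and `sandbox_child` are this example's own. It addresses only the filesystem-view part of the claim; it does nothing about the X11 objection raised earlier in the thread, since the display server is outside anything a namespace can restrict.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

/* Build a one-line id map "inside outside count" for /proc/self/{uid,gid}_map:
 * id 0 inside the namespace corresponds to our real id outside it.
 * Returns 0 on success, -1 if the buffer is too small. */
int make_id_map(char *buf, size_t n, unsigned outer_id) {
    int len = snprintf(buf, n, "0 %u 1\n", outer_id);
    return (len > 0 && (size_t)len < n) ? 0 : -1;
}

/* Write a short string to a (proc) file in a single write(2) call, which is
 * what the uid_map/gid_map interface requires. Returns 0 or -1 (errno set). */
static int write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t want = (ssize_t)strlen(text);
    ssize_t got = write(fd, text, (size_t)want);
    close(fd);
    return got == want ? 0 : -1;
}

/* Count directory entries other than "." and "..". Returns -1 on error. */
static int count_entries(const char *dir) {
    DIR *d = opendir(dir);
    if (!d) return -1;
    int n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            n++;
    closedir(d);
    return n;
}

/* Child body: build the sandbox, then verify it. Never returns; the exit
 * status is 0 on success or the errno of the step that failed. */
static void sandbox_child(const char *hide_dir) {
    unsigned outer_uid = (unsigned)getuid(), outer_gid = (unsigned)getgid();
    char map[64];

    /* A new user namespace (no privilege needed) plus a mount namespace
     * owned by it, so mounts below only affect this process. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) < 0) _exit(errno);

    /* Kernels >= 3.19 require setgroups to be denied before an unprivileged
     * gid_map write; older kernels have no such file, so ENOENT is tolerated. */
    if (write_file("/proc/self/setgroups", "deny") < 0 && errno != ENOENT) _exit(errno);
    if (make_id_map(map, sizeof map, outer_uid) < 0) _exit(EINVAL);
    if (write_file("/proc/self/uid_map", map) < 0) _exit(errno);
    if (make_id_map(map, sizeof map, outer_gid) < 0) _exit(EINVAL);
    if (write_file("/proc/self/gid_map", map) < 0) _exit(errno);
    if (getuid() != 0) _exit(EPERM);   /* "root" only inside the namespace */

    /* Stop mount events propagating back to the parent namespace, then hide
     * hide_dir behind an empty, nosuid/nodev/noexec tmpfs. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) _exit(errno);
    if (mount("tmpfs", hide_dir, "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC, "size=64k") < 0)
        _exit(errno);

    int left = count_entries(hide_dir);
    _exit(left == 0 ? 0 : (left < 0 ? errno : ENOTEMPTY));
}

/* Fork a child that sandboxes itself and hides hide_dir from its own view.
 * Returns 0 on success or a positive errno describing the refusing step. */
int userns_hide_dir(const char *hide_dir) {
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) sandbox_child(hide_dir);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EINTR;
}

int main(void) {
    int r = userns_hide_dir("/etc");
    if (r == 0)
        puts("sandbox built: /etc is empty inside the namespace, parent unaffected");
    else
        printf("could not build sandbox: %s\n", strerror(r));
    return r == 0 ? 0 : 1;
}
```

Run it as an ordinary user: on a kernel that allows unprivileged user namespaces the child sees an empty `/etc` while the parent and every other process keep the real one; where the feature is compiled out or switched off, the reported errno (typically EPERM) is itself the "limitation of the implementation" the earlier message complains about.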

