13
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 23 Sep 2023
13 points (93.3% liked)
Linux
48210 readers
717 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
Unlike snaps and flatpaks, AppImages arent containerized or sandboxed at all. They are only used to bundle (some) dependencies, so you don't need to rely on packages provided by your distro's package manager.
This can't be caused by the sandboxing per se. I use many flatpak apps that keep running if you close all windows, eg. Amberol, Discord.
I don't know if snap/Ubuntu has a “feature” that disables this behaviour
You might want to look up what Appimages are as well as what containerization is. To help I have found the following.
Source: https://en.m.wikipedia.org/wiki/AppImage#:~:text=AppImage%20is%20a%20format%20for,developers%2C%20also%20called%20upstream%20packaging.
As stated Appimages are containerized/sandboxed as it prevents needing to install any files on the OS.
Source: https://cloud.google.com/discover/what-are-containerized-applications
As you can see, once again, your info is incorrect as this is another example of what Appimages are.
My main point is that a running AppImage isn't isolated, it can access and modify any file that the user has the permission to. So theoretically, an AppImage could read and upload your ssh keys or put
rm -rf ~
in your .bashrc.A Flatpak app on the other hand needs to either declare specific permissions in its manifest if it wants to e.g. access your home directory or use xdg-desktop-portal to ask for a permission at runtime. This can help when running proprietary/untrusted software or if you want to control what a program can do and what not.
A more popular example are Android apps which are executed in a strict sandbox and need to ask for permission if they want to read your images, access your microphone etc.
See also https://en.wikipedia.org/wiki/Sandbox_(computer_security)
Note that there were some discussions about adding sandboxing to AppImages: https://github.com/AppImage/AppImageKit/issues/152
So do snaps and flatpacks. And they are still consider containerized / sandboxed. Appimages are the predecessors to snap and flatpack. The only difference is unlike Appimages they got it right for the most part.
Generally speaking the Appimages integrate with KDE better than all the other DE’s. The codes for Appimages are still containerized from the OS in general as defined in my last post.