Welcome to the Linux Foundation Forum!

To create sandbox inside sandbox or to extend sandbox permissions at run time


Idea aims to solve test some software inside sandbox. For example: testing flatpak inside some container pretend to be Ubuntu system.

Solution is to create standard interface to extend sandbox/process inside sandbox permissions (or to restrict it). You could create dbus (or whatever) daemon listen on some unix socket inside an sandbox. This daemon provide api to ask for additional permission (or create process with it).
Another solution could be use newer interface for proton/wine (syscall user dispatch, perhaps?) to handle unsupported system calls. This (second() solution is maybe impossible, but if I could select one and both could be able to realize, I would select second.


  • Sławomir Lach

    Flatpak, docker, etc. could provide implementation of this solution. Also Valve perhaps need it to run Steam Sandbox inside Flatpak. So it would be standard on how contenerization daemon should talk to process inside container to allow increase privileges (it's distro/contenerization technology agnostic).


Upcoming Training