This is a series of experiments with the intention of discovering the current state of user-space sandboxing on Linux featuring two prime examples of sandbox: Gentoo’s sandbox and Exherbo’s sydbox.
https://git.sr.ht/~alip/syd/tree/main/item/doc/toctou-or-gtfo.md
thanks for sharing. will give this a read!
State of sandboxing on Linux in a nutshell: it’s a joke, use PWAs and do as many things as possible in a good browser such as Mullvad, Brave, or FF with arkenfox.
That might be an issue if you need programs which are not online-first, cloud based, etc. Why would I use PWA/browser for text editor (kate, vim?, LO writer ), calcualtor (kcalc, qalculate, LO calc), photos & drawing (gimp, inkscape, qcad), audio & video playing & editing (clementine, vlc, handbrake, obs…) and so on.
Yes, sandboxing is a good thing, but it doesn’t mean our compters are compromised without it.
Now that’s FUD. The article in the OP wasn’t even discussing mainstream sandboxing solutions used to sandbox desktop apps.
How is it FUD?
Compared to Windows, it’s at least somewhat better. Windows Sandbox is simply an impractical equivalent of a VM with amnesia, barely usable for anything other than portable versions of programs. And UWP has effectively been cauterized and retired quietly.
Linux sandboxing has problems, no doubt, but to dismiss it entirely is in itself a problematic attitude - much of the fault also lies with an insecure desktop security ecosystem, and the other major desktop OS doesn’t fare any better.