On Mon, 2013-02-25 at 18:07 +0100, Stef Walter wrote:
> > sh-4.2$ nautilus
> > (nautilus:15428): GLib-WARNING **: getpwuid_r(): failed due to unknown
> > user id (1000)
>
> We could solve this with a custom nsswitch.conf module that calls out of
> the sandbox or does something useful here. The real question is if we
> want name-spaced uids and gids in a sandbox or not. We may also want to
> restrict enumerating other users and groups by code inside a sandbox.

Yes, that's obviously the solution for this particular issue in a carefully composed base. It's not a custom one though, just one configured to only use nscd via a socket we mount into the root. There will be a whole lot of similar issues we need to solve too, like resolv.conf, etc.

As for the level of sandboxing, I think this will be different on a per-app basis. Some things want the full sandbox where you can't access the homedir and *everything* goes via kdbus portals, and some things are "just" the app image /usr isolation to make things portable and isolated (i.e. for apps that are not ported to a sandbox model).
