Hello everyone, I am Ali Polatel. I am an Exherbo Linux developer and I am the main author of the Syd sandbox. Syd is a GPL-3 licensed sandbox written in Rust for Linux systems. As part of this hackathon, I want to improve Syd support for Emacs so as to give Emacs users an easy and simple interface to open their untrusted documents, mails, browsers etc. under a secure sandboxed environment a la Dangerzone.
I have done some basic work to simplify Emacs usage for Syd. We have a syd-emacs utility which is a convenience wrapper to execute Emacs under Syd, and we have syd.el which is a Lisp-only library to interact with the syd(2) API to configure Syd from within Syd. I'll be honest though, I am an Emacs user and not a developer so doing any more than this is beyond my skill level. Therefore I decided to ask for help from the community and hopefully make this project part of the upcoming hackathon.

Here are a few links and info as an introduction to Syd:

1. https://lib.rs/crates/syd (use cargo install syd, packaged already on Alpine, Arch, Exherbo and Gentoo)
2. Online manual pages: https://man.exherbo.org/ (start with syd.7, syd.2, syd.1 and syd-emacs.1)
3. syd.el: https://sydel.exherbo.org/
4. Sandboxing Emacs with Syd asciicast: https://asciinema.org/a/627055
5. FOSDEM 2025 talks about syd and syd-oci:
   1. https://is.gd/OEocWZ
   2. https://is.gd/5Dy3Zy

I have already applied to the hackathon and was asked to come up with a 20h task list on what can be done. So me and fellow Exherbo developer Wulf Krueger, aka Philantrop, came together and did some brainstorming on what could be done; this is however far from a task list. I am including an excerpt from our brainstorming session here as food for thought. I hope people from the community will find it interesting and help us come up with a rough task list.

"Principles

- Safety, but ergonomic: Don’t make security a chore. It should feel like a normal part of the workflow, not some obstacle course.
- User is always in control, but default to safety.
- Visibility: Users always know if they’re in Syd confinement or not.

Proposed user flow & interface elements

Quick “syd-open” command
- User M-x syd-open <file> (could be a global key too)
- Alternatively, right-click “Open under Syd” in dired, or in email or wherever
- Emacs detects file-type and preps a tailored syd-conf buffer (as above)

syd-conf buffer: Interactive protection picker
- Summary line: “You’re about to open: evil.pdf (PDF, potential attachments detected)”
- Protections auto-selected by filetype (think: “no network”, “no write outside /tmp”, “memory limits”)
- Checkbox toggles for each protection, with expandable/collapsible “?” help next to each
- Possible “Preset: paranoid / normal / custom” selector for one-click setups

Live preview/test-run
- Button: “Try it” or similar launches the document in a sandboxed Emacs inside a child frame/window
- syd-conf buffer remains open for tweaks; if you change protections, preview reloads

Always visible sandbox status
- Interface displays a small Syd “badge” in the mode-line (green/yellow/red? emoji?) whenever you’re viewing in a sandbox
- Badge offers quick access to syd-conf and history/logs

Easy “escape hatch”
- Obvious button/shortcut for “Exit sandbox and nuke environment”
- Optionally: a way to quickly escalate/reduce protections if needed (e.g., “I trust this now, relax limits” or opposite).

Logs/audit/history
- syd-open keeps a short recent history so you can see what was opened, under what settings, and roll back to previous configs.

Custom command runner in sandbox
- Not just files: Allow syd-exec so user can M-x syd-shell or syd-browse to open any command/app in a fresh confined Emacs session.
- Tie that into emacsserver: You could even pass files or urls from the host emacs to a “mini-emacs” inside syd.

Sensible failover/fallback
- If opening fails due to over-strict settings, Syd provides an error in syd-conf with a “Relax and retry” button—removes only what was necessary for that filetype.

Bonus ideas
- Integration with existing Emacs viewers: syd.el doesn’t need to reinvent PDF/EPUB modes; it just ensures whatever mode you launch is inside syd. This keeps sysadmin and Emacs work low.
- User profiles: Let users name and save certain sets of protections (“locked-down-mail”, “trusty-pdfs”, etc).
- Unsafe-open keybinding: Could be as simple as C-c ! o or “M-x syd-unsafe-open” as an “I know what I’m doing” override with prominent warnings.
- Syd “detector badge”: Like a little padlock that pops in your modeline or minibuffer when you’re actually inside a syd’d Emacs. Remove guesswork.
- Hooks for automatic Syd-wrapping: Maybe let gpg attachments, unknown URLs, or suspicious filetypes auto-prompt for syd-open (with user override/opt-out).

Example from the user’s perspective

I’m in dired, I select “evil.pdf”, hit my new syd-open binding. Magically, syd-conf opens: “This PDF contains a form and attachments. Default: network/camera/clipboard blocked, extraction-only mode ON, PDF tools enabled.” I peek at the help for clipboard access (“Allows copy/paste from/to host—risky if untrusted”). I say “Sure”, uncheck clipboard, hit “Open in sandbox”. Now, I see evil.pdf rendered in a buffer, with a green padlock in the modeline. I quickly try to save an edited version—Emacs prompts “Would you like to allow writes outside sandbox? [Temporarily / Never / Relax and retry]”. All my settings are remembered for next time, but I can change them if I run into false positives.

TL;DR: Everything is kicked off with a single command or menu (“Open under Syd”). A buffer (syd-conf) pops up showing recommended settings, with short explanations and easy overrides. Open/preview the file under those settings, tweak on the fly, escape with a click. Always visible feedback if you’re protected. All major Emacs “open” actions can route through syd if desired."

Best regards,
alip

-- 
-Ⓐlïp.
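As an added sketch (editor's example, not code from syd.el, syd-emacs or the syd project) of how the "syd-open" / filetype-defaults / preset / mode-line badge flow described in the post could hang together in Emacs Lisp. It assumes that syd takes configuration options on the command line as `-m KEY:VALUE` (check syd.1), and the protection strings in `syd-open-protection-table` are placeholders modelled on syd.7-style rules that must be verified against the manual before anyone relies on them; the filetype table is constructed for illustration only.

```elisp
;;; syd-open-sketch.el --- Illustrative sketch, not part of syd.el  -*- lexical-binding: t; -*-
;; ASSUMPTIONS: `syd -m KEY:VALUE' passes one config option (see syd.1);
;; the KEY:VALUE strings below are placeholders to be checked against syd.7.

(defgroup syd-open nil "Open untrusted files in a Syd-sandboxed Emacs." :group 'tools)

(defcustom syd-open-program "syd"
  "Path to the syd executable."
  :type 'string)

;; Constructed table: file extension -> protections auto-selected for that type.
(defconst syd-open-filetype-protections
  '(("pdf"  . (no-network no-write-outside-tmp memory-limit))
    ("epub" . (no-network no-write-outside-tmp))
    ("eml"  . (no-network no-write-outside-tmp memory-limit))
    ("html" . (no-network no-write-outside-tmp)))
  "Recommended protections per file extension.")

;; Protection name -> (help-text CONFIG-LINE...). The config lines are
;; assumed placeholders; replace them with the real syd.7 rules.
(defconst syd-open-protection-table
  '((no-network
     "Deny all network access (connecting and listening)."
     "sandbox/net:on" "default/net:deny")
    (no-write-outside-tmp
     "Deny writes anywhere except under /tmp."
     "sandbox/write:on" "default/write:deny" "allow/write+/tmp/***")
    (memory-limit
     "Cap the sandboxed Emacs at 1 GiB of memory."
     "mem/max:1G")))

;; Preset -> protections; nil means "use the filetype defaults", `ask' means
;; let the user toggle each protection interactively.
(defconst syd-open-presets
  '((paranoid . (no-network no-write-outside-tmp memory-limit))
    (normal   . nil)
    (custom   . ask)))

(defun syd-open-default-protections (file)
  "Return the recommended protections for FILE based on its extension."
  (let ((ext (downcase (or (file-name-extension file) ""))))
    (or (cdr (assoc ext syd-open-filetype-protections))
        ;; Unknown type: still deny network and stray writes by default.
        '(no-network no-write-outside-tmp))))

(defun syd-open-protections-for (file preset)
  "Resolve PRESET (a key of `syd-open-presets') into a protection list for FILE."
  (let ((p (cdr (assq preset syd-open-presets))))
    (cond ((eq p 'ask)
           (mapcar #'intern
                   (completing-read-multiple
                    "Protections: "
                    (mapcar (lambda (e) (symbol-name (car e))) syd-open-protection-table)
                    nil t
                    (mapconcat #'symbol-name (syd-open-default-protections file) ","))))
          ((null p) (syd-open-default-protections file))
          (t p))))

(defun syd-open-command (file protections)
  "Build the argv that launches a fresh Emacs on FILE under syd with PROTECTIONS.
The inner Emacs gets a mode-line badge so the user can see it is confined."
  (let ((args nil))
    (dolist (prot protections)
      (dolist (line (cddr (assq prot syd-open-protection-table)))
        (setq args (append args (list "-m" line)))))
    `(,syd-open-program ,@args "--" "emacs" "-Q"
      "--eval" "(push \" [syd]\" global-mode-string)"
      ,(expand-file-name file))))

(defun syd-open-summary (file protections)
  "Show a syd-conf style summary buffer for FILE and PROTECTIONS."
  (with-current-buffer (get-buffer-create "*syd-conf*")
    (erase-buffer)
    (insert (format "You're about to open: %s (%s)\n\n"
                    (file-name-nondirectory file)
                    (upcase (or (file-name-extension file) "unknown"))))
    (dolist (prot protections)
      (insert (format "  [x] %-22s %s\n" prot
                      (cadr (assq prot syd-open-protection-table)))))
    (insert "\nCommand:\n  "
            (mapconcat #'shell-quote-argument (syd-open-command file protections) " ")
            "\n")
    (display-buffer (current-buffer))))

;;;###autoload
(defun syd-open (file &optional preset)
  "Open FILE in a new Emacs confined by syd, using PRESET (default `normal')."
  (interactive
   (list (read-file-name "Open under Syd: " nil nil t)
         (intern (completing-read "Preset: " '("paranoid" "normal" "custom")
                                  nil t nil nil "normal"))))
  (let* ((prots (syd-open-protections-for file (or preset 'normal)))
         (cmd (syd-open-command file prots)))
    (syd-open-summary file prots)
    (when (yes-or-no-p "Open in sandbox? ")
      (apply #'start-process "syd-emacs" "*syd-emacs*" cmd))))
```

The summary buffer doubles as the place to review the exact syd command before it runs, which is the cheapest way to make the "user is always in control" principle visible. Swapping the `-m` options for a `-c` config file generated from the same table would keep the sandbox parameters auditable in the history/log feature described in the post.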
