microsoft / msix-packaging

MSIX SDK
MIT License

[Feature Request] Allow disabling the sandbox for an application. #634

Closed RokeJulianLockhart closed 3 weeks ago

RokeJulianLockhart commented 3 weeks ago

Project

MSIX SDK or Win7Msix

Describe the bug

As https://github.com/safing/portmaster-packaging/issues/44#issuecomment-1700988411 explains:

If I correctly understand, MSIX only runs in a sandboxed container and thus is unsuitable for Portmaster, which comes with a kernel driver - pretty much the opposite.

This prevents a myriad of applications using this format (corroborated by issues for similar projects, like https://github.com/flatpak/flatpak/issues/1699#issue-325376226), instead forcing them to be distributed in legacy installation formats like .MSI, since .APPX is even worse in this regard.

Platform

All, but primarily Windows 11 Home, Pro, and Enterprise.

Additional context

https://github.com/microsoft/msix-packaging/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+disable+sandbox returned 0 results.

DrusTheAxe commented 3 weeks ago

What 'sandbox'?

MSIX is quite flexible. Perhaps you're using defaults?

Do you mean running in an AppContainer? That's required for UWP apps, but packaged desktop apps can run in an AppContainer or MediumIL.

<Application...uap10:RuntimeBehavior="packagedClassicApp" uap10:TrustLevel="mediumIL">

Do you mean i/o write virtualization at runtime? That only happens if appxmanifest.xml declares uap10:RuntimeBehavior="packagedClassicApp" (or EntryPoint="windows.fullTrustApplication") ANDand/or` are enabled. These can be disabled (selectively or in total). See docs for more details

If by 'sandbox' you mean something else, please elaborate.
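
An added example, not part of the original thread or of the MSIX SDK: a Python check that reads an appxmanifest.xml and reports, per `<Application>`, whether it is declared for AppContainer or mediumIL and whether it meets the manifest-side precondition for write virtualization named in the comment above. The function name, the sample manifest and the namespace URIs are assumptions supplied here; an Application with no `uap10:TrustLevel` and no full-trust `EntryPoint` is treated as a UWP app in an AppContainer, and the virtualization settings themselves are not inspected.

```python
import xml.etree.ElementTree as ET

# Namespace URIs assumed for the foundation and uap10 manifest schemas.
NS = {
    "f": "http://schemas.microsoft.com/appx/manifest/foundation/windows10",
    "uap10": "http://schemas.microsoft.com/appx/manifest/uap/windows10/10",
}
UAP10 = "{%s}" % NS["uap10"]

# Constructed sample manifest (not taken from any real package).
SAMPLE_MANIFEST = """
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
         xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10">
  <Applications>
    <Application Id="Agent" Executable="agent.exe"
        uap10:RuntimeBehavior="packagedClassicApp" uap10:TrustLevel="mediumIL"/>
    <Application Id="Viewer" Executable="viewer.exe"
        uap10:RuntimeBehavior="packagedClassicApp" uap10:TrustLevel="appContainer"/>
    <Application Id="Legacy" Executable="legacy.exe"
        EntryPoint="Windows.FullTrustApplication"/>
    <Application Id="Store" Executable="store.exe" EntryPoint="Store.App"/>
  </Applications>
</Package>
"""

def classify_applications(manifest_xml):
    """Map each Application Id to its declared trust level and whether it
    is a candidate for runtime write virtualization (manifest side only)."""
    root = ET.fromstring(manifest_xml.strip())
    report = {}
    for app in root.findall("f:Applications/f:Application", NS):
        behavior = (app.get(UAP10 + "RuntimeBehavior") or "").lower()
        trust = (app.get(UAP10 + "TrustLevel") or "").lower()
        entry = (app.get("EntryPoint") or "").lower()
        full_trust_entry = entry == "windows.fulltrustapplication"
        if trust:
            level = {"mediumil": "mediumIL",
                     "appcontainer": "appContainer"}.get(trust, "unknown")
        elif full_trust_entry:
            level = "mediumIL"
        else:
            level = "appContainer"  # assumption: undeclared means UWP
        report[app.get("Id")] = {
            "trust": level,
            "virtualization_candidate":
                behavior == "packagedclassicapp" or full_trust_entry,
        }
    return report

if __name__ == "__main__":
    for app_id, info in classify_applications(SAMPLE_MANIFEST).items():
        print(app_id, info)
```

Run against the manifests of installed or to-be-deployed packages, this gives a quick inventory of which packaged apps are not confined to an AppContainer.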

RokeJulianLockhart commented 3 weeks ago

https://github.com/microsoft/msix-packaging/issues/634#issuecomment-2161507516

@DrusTheAxe, indeed - I'd been using a few of those. Thanks - that was comprehensive. I'll close as invalid unless I locate anything else of relevance which doesn't appear possible to disable. Seems it's changed a lot since the UWP days.