Open GrootBlouNaai opened 2 months ago
With AppArmor being optional, I'd agree. Personally I am not interested in this type of sandboxing at all since I don't run untrusted code on my machine.
While this seems good in theory, it has the problem of creating an AppArmor dependency.
If the whole sandboxing is purely optional, then I'd not be opposed for the sandboxing to pull in some dependency. Might be AppArmor or some other sandboxing software.
The goal of these various protocols has been to make Wayland a true replacement for X11, avoiding the complications of D-Bus and Portals.
I propose refactoring the code of a simple compositor and shifting the security model to use AppArmor (or SELinux for rhel folks) instead. This approach aims to enhance security while maintaining the flexibility needed for Wayland to be an effective replacement for X11.
A fork of libwayland might be the best approach to shoehorn compatibility. My test implementations at compositor level have all been flawed and resulted in many unexpected crashes (likely due to my being self-taught in C, and absolutely useless at memory sanitising).
The general outline would be along the lines of: