xiwrap

slightly higher-level container setup utility
git clone https://git.ce9e.org/xiwrap.git

commit 8d9fe394cc9c48e4ef38776806debb9074913bbe
parent f98161cb1fe91a861536dadd3264918e1ca97869
Author Tobias Bengfort <tobias.bengfort@posteo.de>
Date 2024-06-20 15:44
README

Diffstat

A README.md 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++

1 files changed, 54 insertions, 0 deletions


diff --git a/README.md b/README.md

@@ -0,0 +1,54 @@
   -1     1 xiwrap - slightly higher-level container setup utility
   -1     2 
   -1     3 xiwrap is a thin wrapper around
   -1     4 [bwrap](https://github.com/containers/bubblewrap) that adds some features:
   -1     5 
   -1     6 -   configuration can be included from files. This allows to create a library
   -1     7     of reusable modules.
   -1     8 -   [xdg-dbus-proxy](https://github.com/flatpak/xdg-dbus-proxy) is integrated
   -1     9     to allow dbus filtering.
   -1    10 
   -1    11 ## Example usage
   -1    12 
   -1    13 ```
   -1    14 xiwrap --include host-os --dbus-session-talk org.freedesktop.portal.Desktop -- bash
   -1    15 ```
   -1    16 
   -1    17 See `xiwrap --help` for a full list of options.
   -1    18 
   -1    19 ## Why another tool?
   -1    20 
   -1    21 Linux has great low-level sandboxing features. However, I feel like we have not
   -1    22 yet found the right high level abstraction. Docker, systemd, and flatpak are
   -1    23 all great, but I think we can do better.
   -1    24 
   -1    25 There is a sprawling, messy ecosystem of tools (mostly centered around bwrap
   -1    26 and [firejail](https://github.com/netblue30/firejail)) that experiment with
   -1    27 alternative designs. I think this is great. We have to allow for some creative
   -1    28 chaos to come up with great designs. xiwrap is my contribution to that mess.
   -1    29 
   -1    30 The real goal is to find a set up reusable, easy-to-understand configuration
   -1    31 modules. xiwrap is only a tool that allows me to easily iterate on those
   -1    32 modules.
   -1    33 
   -1    34 ## Why not flatpak?
   -1    35 
   -1    36 flatpak is a mature and well established project that also uses bwrap and
   -1    37 xdg-dbus-proxy.
   -1    38 
   -1    39 However, flatpak's main goal is to simplfy packaging for Linux. Their
   -1    40 vision is that users get their apps directly from developers instead of going
   -1    41 through distros. Sandboxing is a necessary condition for that vision, but not
   -1    42 the main goal. Another condition is that libraries are not managed centrally,
   -1    43 but come bundle with each app. As a result, they are often redundant or even
   -1    44 outdated.
   -1    45 
   -1    46 xiwarp on the other hand is fully focused on security. It supports using a
   -1    47 different runtime for an application, but that is not the focus.
   -1    48 
   -1    49 ## Prior Art
   -1    50 
   -1    51 -   https://wiki.archlinux.org/title/Bubblewrap/Examples
   -1    52 -   https://docs.flatpak.org/en/latest/sandbox-permissions.html
   -1    53 -   https://github.com/ruanformigoni/flatimage/
   -1    54 -   https://github.com/netblue30/firejail
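
Review bot: The "Example usage" section (README lines 11-17) shows `--include host-os` and `--dbus-session-talk org.freedesktop.portal.Desktop` without saying what either one grants, which is a gap for a tool the text later calls "fully focused on security". From the README alone a reader cannot tell what the `host-os` module exposes inside the sandbox, where included files are looked up, or what the sandbox contains when no option is given. I would add one sentence per option in that section and a pointer to where modules such as `host-os` are defined, so the example can be audited before it is copied. Smaller points in the same hunk: "simplfy" on line 39 should be "simplify", "xiwarp" on line 46 should be "xiwrap", "a set up reusable" on line 30 reads as "a set of reusable", and "come bundle" on line 43 as "come bundled".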