<p dir="ltr">That looks quite interesting. Read only mounts for app binaries makes sense. It still can be a hole if the app executes the data stream or can get a buffer overflow. Individual app sandbox certainly cuts down likelihood of cross-app security but I yet to hear/see a sandbox that actually everything it was supposed to.</p>
<div class="gmail_quote">On May 9, 2015 7:30 AM, "DJ-Pfulio" <<a href="mailto:DJPfulio@jdpfu.com">DJPfulio@jdpfu.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Anyone played with <a href="https://sandstorm.io/" target="_blank">https://sandstorm.io/</a> ?<br>
<br>
They have plugins to run your own:<br>
* chat server<br>
* Groove - music server<br>
* GitLab<br>
* Redit Clones (a few threaded conversation boards)<br>
* Image Management (2 options)<br>
* Multiple Note Taking apps - Paperwork<br>
* RSS Feed Reader - TinyTinyRSS (don't let big brother watch what you read<br>
centrally)<br>
* Presentation Creator - HackerSlides<br>
* <a href="http://draw.io" target="_blank">draw.io</a><br>
* EtherCalc<br>
* EtherPad<br>
About 10 more ...<br>
<br>
I haven't tried anything - they host it or we can grab the code.<br>
They have a very interesting security model, not sure I understand it yet. Every<br>
object/document is sandboxed. Application packages are mounted read-only.<br>
<br>
--<br>
Got Linux? Used on smartphones, tablets, desktop computers, media centers, and<br>
servers by kids, Moms, Dads, grandparents and IT professionals.<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>