
(sorry for the piggyback)

Something I'd like to see is a simple way to define “containers” on my desktop that would allow me to run sandboxed versions of my standard apps in bundles.

The plan would be something like the following.

You have a simple GUI that would allow you to create new containers, for which you could define what it has access to (specific folders, internet, sound, etc). You could then add apps to your container, and they would only be able to play with each other in the container with the restrictions given. I think that would work with a simple app essentially based on bubblewrap. For example:

* A "torrents" container, where the only apps would be firefox, deluge and vlc, and access to no folder in my home directory, but the container would have its own home directory.

* An "admin" container, with only firefox and thunderbird and libreoffice, say, and access to my ~/Downloads and ~/Documents folders.

You should be able to run the admin.firefox and torrents.firefox side by side, since they'd have different profiles. By default, each container would have its own "virtual filesystem" with no access to anything outside (modulo what's really needed), and only by toggling "links" would it be able to access your actual fs tree. The GUI would be easy enough for computer "illiterate" people to work with it. And the GUI would be smart enough to create desktop files with each new application I add to a container, with customized icons.

I don't expect it would be too complicated (essentially bookkeeping on top of bubblewrap). If anyone is interested, I'd happily discuss it more!
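
A sketch of the bookkeeping layer described in the comment above, as an added example that is not part of the original thread or of any existing project: a shell function that turns a container name, a network toggle and a list of "links" into a bubblewrap command line with a private home directory. The names `sandbox`, `CONTAINER_ROOT` and `DRY_RUN` and the on-disk layout are hypothetical, the mounts assume a merged-/usr Linux distribution, and display and sound sockets are not handled.

```shell
#!/bin/sh
# Added example (not from the thread). sandbox, CONTAINER_ROOT and DRY_RUN are
# hypothetical names; the mounts assume a merged-/usr Linux distribution.
#
# sandbox NAME NET LINKS APP [ARGS...]
#   NAME   container name, e.g. "torrents" or "admin"
#   NET    "net" shares the host network; any other value leaves it unshared
#   LINKS  colon-separated top-level directories of $HOME to expose ("" = none)
# Example: DRY_RUN=1 sandbox admin nonet "Downloads:Documents" libreoffice
sandbox() {
    [ "$#" -ge 4 ] || { echo "usage: sandbox NAME NET LINKS APP..." >&2; return 2; }
    sb_name=$1 sb_net=$2 sb_links=$3
    shift 3
    # The name becomes a path component, so keep it to a safe alphabet.
    case $sb_name in
        ''|*[!a-z0-9_-]*) echo "bad container name: $sb_name" >&2; return 1 ;;
    esac
    # Links are plain directory names: no "/", no ".", no globs, and no empty
    # field (an empty field would bind the real $HOME over the private one).
    case $sb_links in
        *[!A-Za-z0-9_:-]*|:*|*::*) echo "bad link list: $sb_links" >&2; return 1 ;;
    esac
    sb_home=${CONTAINER_ROOT:-$HOME/.local/share/sandboxes}/$sb_name/home

    # Build the bwrap argument list back to front in "$@", which still ends
    # with the application command. Link binds sit after the private-home bind
    # so that they are mounted on top of it.
    sb_ifs=$IFS; IFS=:
    for sb_dir in $sb_links; do
        set -- --bind "$HOME/$sb_dir" "$HOME/$sb_dir" "$@"
    done
    IFS=$sb_ifs
    # --share-net must follow --unshare-all to re-enable networking.
    if [ "$sb_net" = net ]; then set -- --share-net "$@"; fi
    set -- --unshare-all --die-with-parent --new-session \
        --ro-bind /usr /usr --ro-bind /etc /etc \
        --symlink usr/bin /bin --symlink usr/lib /lib --symlink usr/lib64 /lib64 \
        --proc /proc --dev /dev --tmpfs /tmp \
        --bind "$sb_home" "$HOME" "$@"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' bwrap "$@"      # one argument per line, for inspection
        return 0
    fi
    mkdir -p "$sb_home" && bwrap "$@"
}
```

With `DRY_RUN=1` the function only prints the command it would run, which makes it easy to review what a given container can reach before launching anything in it.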



Look into firejail, see my sibling comment.

It does have a GUI similar in spirit to what you are asking for, but take a look and see if you can pitch in and help.



