Anyone have experience with Anbox? Does it properly sandbox apps? Does it senselessly depend on a glibc host or particular container runtimes? Can you easily do one app per sandbox, or only whole Android? anbox.io
Replying to
It doesn't provide meaningful sandboxing and doesn't approach it the way that you want. Their comparison to the Android integration in ChromeOS is also wrong / misleading. You're better off using the Android emulator for a KVM / QEMU based VM without everything hacked together.
2
Using the standard VM approach isn't substantially more heavyweight. It performs well and is much more robust and compatible. ChromeOS isn't currently using virtualization for performance reasons but they really should be doing it that way. As is, it turns ChromeOS into Android.
2
There's not really that much difference between using Android with Chrome in the app sandbox or using ChromeOS with Android inside a container. The kernel is the same, verified boot and update system is comparable, and security between apps and Chrome is essentially the same too.
2
If they were using a virtual machine, they could have preserved a lot more of the distinction between ChromeOS and Android including a better verified boot implementation and not running third party native code with direct access to the kernel. Namespaces aren't a tight sandbox.
1
Replying to
Namespaces can be a tight sandbox. Also, if stuff is set up to be able to run in a namespace container, you can just as easily run it in a fully ptraced container with no access to any real syscalls.
2
Replying to
They're really not a tight sandbox if you're using the native Linux implementation. It's only semantic separation between parts of the OS, with none of them really more sandboxed than the others. github.com/google/gvisor is an attempt to make it into more of a meaningful sandbox.
1
On ChromeOS, ChromeOS is nominally the host, but in reality namespaces are just used to separate Chrome from Android, with neither really being more sandboxed than the other. Namespaces are way weaker than the sandbox Chrome uses for the renderers. It's a full-blown Android OS.