Gnome implemented sandboxing for thumbnail parsers, but @ubuntu patches that out, because why not? https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1709164 …
It sounds like it uses some heavy tooling, but should be possible to replicate using user namespaces directly with a few loc...
-
-
But those can't be the problem: Ubuntu ships with them enabled by default (unlike Debian).
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
It’s pretty much as small as it can be given the sandboxing and syscall filtering it does. Once you’ve implemented the filesystem sandboxing, fd passing, and network sandboxing, you’d have bubblewrap.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.