this post was submitted on 23 Mar 2026
6 points (80.0% liked)

Linux

16754 readers
89 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world
6
How to confine an existing distrobox container? (lemmy.world)
submitted 12 hours ago by j4k3@lemmy.world to c/linux@lemmy.world
8 comments fedilink hide all child comments
 

The container runs a local host server for use in a browser and is untrusted for development reasons. It needs to be treated as an advanced black hat. Its primary goal is recon and sending critical information via advanced connectionless protocols of unknown type. While extremely unlikely, it should be assumed to have access to proprietary systems and keys such as Intel ME and a UEFI shim of some sort. It may also use an otherwise trusted connection such as common git host, CDN, or DNS to communicate. It tries to access everything possible, key logger, desktop GUI, kernel logs, everything.

What is the Occam's Razor of solutions that best fit the constraints in your opinion? Other than the current solution of air gap.

you are viewing a single comment's thread
view the rest of the comments
[–] Neptr@lemmy.blahaj.zone 1 points 6 hours ago* (last edited 6 hours ago)

Flatpakbapps cant use namespaces. Flatpak (the software) uses namespaces but Flatpak apps can not.