• @[email protected]
    11 month ago

    It really is cool, miniature VMs are such a good concept for security like QubesOS but actually possible.

    ChromeOS's Linux VM is also crazy. It is a VM, running a container image. Actually is that krun?? It seems similar.

    Then the stuff is streamed to the Wayland compositor and displayed like regular windows.

    Such a cool, secure and minimalist concept.

    • Rustmilian
      1 month ago

      Speaking of containers, you just reminded me of Waydroid, such a cool underrated project.
      All this stuff is really really cool. Anything that allows running software from completely different OSes and architectures is just a wonder, and it helps with software preservation, which is very important to me.

      • @[email protected]
        11 month ago

        Poorly Waydroid is just vaguely secure on distros that use SELinux, as Android uses it as a major part of its app sandboxing (called SEAndroid).

        So if you run Waydroid on Ubuntu, which will be the most common way, (and to my knowledge was the first possible one, until aleasto packaged it on Fedora), you will have no sandboxing at all.

        Also the Waydroid container runs as root, even though unprivileged containers can also get access to all the stuff needed. Most notably, Bluetooth doesn't even work, even though Waydroid runs as root, lol.

        Waydroid is a perfect example of a hacked solution simply run as root, to circumvent any real solutions for the needed access.

        Also it uses Android 11, which for some reason I forgot was easier to port.

        The concept is cool though, just needs

        1. Upgrading to Android/GrapheneOS 14
        2. Running in a rootless and restricted container
        3. OR running in a VM, so that SELinux can work on all distros
        • Rustmilian
          1 month ago

          Waydroid uses LXC in the backend, this should help with your networking issues, and 3rd party tools allow for installing Android 13 on it, among ARM translation layers & Magisk.

          • @[email protected]
            11 month ago

            Yes, a rootful LXC container. At least to my knowledge.

            Thanks but Bluetooth, gabeldorsche, not network.

            And Android 13 is not 14, even though very interesting, didn't know that.

            • Rustmilian
              1 month ago

              You’re right. Sorry, I haven’t slept for like 48hrs. Words moving around and changing way more than usual (dyslexia on crack rn).

                • Rustmilian
                  11 month ago

                  Thanks for your concern 😚, I went to bed after sending that. Still tired, but I’m off work today so I’ll probs take a nap later. ❤️

                  • @[email protected]
                    21 month ago

                    Try just doing nothing, electric devices out of the room, close the curtains, nothing distracting :D