AppImageKit
firejail
Our great sponsors
AppImageKit | firejail | |
---|---|---|
133 | 139 | |
8,438 | 5,429 | |
1.0% | - | |
2.9 | 9.7 | |
2 months ago | 5 days ago | |
C | C | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
AppImageKit
-
GoboLinux
What you're looking for sounds like AppImages (https://appimage.org/) . I have only used them while downloading games from itch.io, etc. (since i prefer package managers) but they seem to work out of the box on popular distros.
-
Bitwarden Heist – How to Break into Password Vaults Without Using Passwords
Ideally a new instance of the application is installed for each user. This also provides better isolation if one user upgrades/removes/breaks their application instance. I, for one, have really come around to the AppImage model [0] in the last couple of years.
[0] https://appimage.org/
-
How to sandbox AppImages ?
I found a similar issue on github and tried this solution but still getting the same error .
-
Ask HN: What's the best CLI installation experience you've ever seen?
There is AppImage[1], which packs a lot of stuff into a SquashFS filesystem, appends it to the executable, so everything is in one file.
[1] https://appimage.org
-
Linux users when their preferred app isn't packaged in the main repository
Nah i think yall just hating appimage. Real gold standard.
-
How to minimize RAM usage during Go binary compilation
Although I haven't used plugins feature myself yet, this does sound like the perfect use case for them. Not every patient needs to access every single source. With plugins you can load only the source (or few sources) that they actually need. You can still use something like https://appimage.org/ to give them "a single binary", but will actually contain your slim binary and all the plugins.
- Wrong Opinion About Debian Stable
-
AppImages Refuse to Launch After Updates
```dlopen(): error loading libfuse.so.2 AppImages require FUSE to run. You might still be able to extract the contents of this AppImage if you run it with the --appimage-extract option. See https://github.com/AppImage/AppImageKit/wiki/FUSE for more information```
-
How to install application bundle (AppImageKit runtime)
This doesn't look like a squashfs image. Cannot mount AppImage, please check your FUSE setup. You might still be able to extract the contents of this AppImage if you run it with the --appimage-extract option. See https://github.com/AppImage/AppImageKit/wiki/FUSE for more information open dir error: No such file or directory
-
I'm thinking of moving from windows to Linux. What should I expect?
appimages. Appimages are similar to flatpaks, exept that they are a file you download and double click to run. Think of them as portable softwares like windows has (portable apps). They are sandboxed too. You can learn more about appimages here
firejail
-
Sandboxing All the Things with Flatpak and BubbleBox
bubblewrap is designed as a low-level too. There is nothing quick and dirty about it. It disallows everything by default and you have to be explicit about what you want to share with the host. If your application needs complex permissions/resources, then you will need to have a complex bubblewrap command line.
Once you have figured out which permissions/resources you need for a given program, you can wrap the command line invocation in a shell script.
If you want other people to do the work of defining permissions/resources, then have a look at firejail: https://github.com/netblue30/firejail
-
Ask HN: What are some unpopular technologies you wish people knew more about?
Firejail is cool: https://github.com/netblue30/firejail
Linux namespaces/cgroups but nowhere near as heavy as Docker.
I use it when I want to limit the memory of a Python script:
```
-
Toolship: A (More) Secure Workstation
Firejail can also be a useful option, though no good if you're on Mac https://firejail.wordpress.com/
Uses the same Linux primitives as docker etc, but can be a bit more ergonomic for this use case
-
Firejail: Light, featureful and zero-dependency security sandbox for Linux
Firejail, Flatpak (which uses Bubblewrap under the hood), and Snap (which uses AppArmor) all use the same underlying technology: Linux namespaces.
This question comes up a lot, and has been answered here: https://github.com/netblue30/firejail/wiki/Frequently-Asked-...
TL;DR: Firejail has much more comprehensive features than Flatpak (Bubblewrap). Firejail also has more comprehensive network support, support for AppArmor and SELinux, and easier seccomp filtering.
Compared to Snap (which uses AppArmor), Firejail is compatible with AppArmor and again goes above and beyond with a lot of additional features.
-
Bubblewrap – Low-level unprivileged sandboxing tool used by Flatpak
Wonderful little tool, too bad you must chain various exec calling tools to get cgroups (a bit akin to `ionice ... nice ... cmd`) and Linux users namespaces can't allow UNIX sockets while preventing network access (I think?).
Migrated from Firejail when its complexity annoyed me too much and I hit https://github.com/netblue30/firejail/issues/3001 (Firejail doesn't like parens or brackets in --put/--get parameters) to a badly NIH version using bwrap and bash to have "profiles":
- Firejail: Light featureful and zero-dependency security sandbox for Linux
-
Do, or do not. There is no try
Firejail does this. The profile database is the two "profile" directories in https://github.com/netblue30/firejail/tree/master/etc
-
Strange times make for strange friends...
What do you mean by a Firefox container? Do you mean FireJail?
What are some alternatives?
pdfarranger - Small python-gtk application, which helps the user to merge or split PDF documents and rotate, crop and rearrange their pages using an interactive and intuitive graphical interface.
bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects
pkg2appimage - Tool and recipes to convert existing deb packages to AppImage
flatpak - Linux application sandboxing and distribution framework
appimage-builder - GNU/Linux packaging solution using the AppImage format
bubblejail - Bubblewrap based sandboxing for desktop applications
Flatseal - Manage Flatpak permissions
nixos-config - My NixOS configuration
yabai - A tiling window manager for macOS based on binary space partitioning
piper - GTK application to configure gaming devices
podman - Podman: A tool for managing OCI containers and pods.