undefined | Better HN

0 pointsafiori5y ago0 comments

> I want the proprietary app in a container.

People want containers to be magic but they're actually a hard problem. You want the app not to be able to do anything you don't want it to but still be able to do everything you do want it to.

As I see it the problem that containerization in snaps and similar solution is the isolation of system configuration.

I agree that permissions are an hard problem and honestly I am not sure how much they are relevant for snaps, but what is theory is feasible is that installing a snap could be completely and reversible.

I believe that is true of flatpack at least.

0 comments

zrm5y ago

> As I see it the problem that containerization in snaps and similar solution is the isolation of system configuration.

If you drop your app's config file in /etc/ and nothing ever touches it, isolation isn't really buying you anything. If something does, that could still be what you want to happen.

For example, suppose there is a P2P app that can operate either by having you forward a port from your router (which is not always available) or by operating as a Tor onion service. To do the latter it has to modify Tor's configuration so that it allows incoming connections to the application's port. It's something you want to happen, it's something the package can clean back up again when it's uninstalled, but that doesn't work if the two otherwise independent applications have their configurations isolated from each other.

So it's still the permissions problem.

afioriOP5y ago

I would say that more than having your own config be left alone, the complex case is when two different applications want to mess up a third party configuration.

Software repos as a whole in part exist to solve and harmonize these cases.

j / k navigate · click thread line to collapse