Bug#658988: ITP: libvirt-sandbox -- API layer which facilitates the creation of application
Hi Petter,
On Mon, Apr 04, 2016 at 07:09:57AM +0200, Petter Reinholdtsen wrote:
>
> Btw, I mentioned libvirt-sandbox on #freedombox, and was tipped about
> firejail, which seems to do a similar task. Are you aware of firejail?
> Do you know how libvirt-sandbox is different from firejail? Firejail is
> in unstable and testing already, and was possible to backport with a
> hack to add some missing kernel call constants.

I wasn't aware of firejail so far but it looks _very_ nice. The main
differences (from looking at the firejail web page) seem to be:

* libvirt-sandbox has been around and usable for much longer (though
  not in Debian)
* libvirt-sandbox is a sandbox library with virt-sandbox only being
  a (fully usable) example on how to use its APIs (so it's easy
  to build applications on top of that with everything that has
  GObject introspection)
* libvirt-sandbox can use QEMU instead of LXC
* virt-sandbox-image can download and run docker images
* libvirt-sandbox can build service containers (although not yet for
  Debian).
* firejail has integration for Xpra and lots of other desktop apps
  which libvirt-sandbox is lacking
* firejail has seccomp filter support

Hope this helps. I'm happy to stay in the loop for mails on the
freedombox list or similar.
Cheers,
-- Guido