This is awesome, thanks for sharing!<p>The problem at hand is actually a pet peeve of mine and I really don't get why it's still the default to grant programs access to all our personal data. There is a lot wrong with mobile OSs, but in this regard they are actually ahead of the curve.
Flatpak and snapd seem to have some similar goals but aren't mentioned in the related projects section?<p>I would have thought it would now be more performant to do something like this using Wayland and, if the app uses X11, multiple isolated xwayland instances somehow. That way you might be able to get GPU acceleration, which I don’t think is possible through xpra?
This seems really interesting. A somewhat related project is x11docker[0], which attempts to make it easier to run GUI applications through Docker.<p>It works pretty well with Docker, though I've not used it since I switched to Podman as there wasn't any support for it at the time. I've not tried recently.<p>It does seem this project is at a dead end based on the recent development activity in recent months.<p>[0] <a href="https://github.com/mviereck/x11docker/" rel="nofollow">https://github.com/mviereck/x11docker/</a>
I'm a big fan of using containers to distribute and run tools. It's an underappreciated use case. I wrote about its benefits (and drawbacks) a few months ago: <a href="https://jonathan.bergknoff.com/journal/run-more-stuff-in-docker/" rel="nofollow">https://jonathan.bergknoff.com/journal/run-more-stuff-in-doc...</a>.<p>Subuser looks interesting, nice work! I love to see progress in this space.
Whalebrew[0] has been doing this for years, though Subuser appears to provide more configuration/access control.<p>[0] <a href="https://github.com/whalebrew/whalebrew" rel="nofollow">https://github.com/whalebrew/whalebrew</a><p>It's not a new or crazy idea... Jessie (jessfraz.com) talked about doing this[1] in their desktop environment back in 2015.<p>[1] <a href="https://blog.jessfraz.com/post/docker-containers-on-the-desktop/" rel="nofollow">https://blog.jessfraz.com/post/docker-containers-on-the-desk...</a>
Their "subuser standard" has the following license [1]:<p>> Creative Commons Zero, public domain<p>> With the following exception:<p>> Only standards documents identical to those released by Timothy V Hobbs(timthelion) or another person or party whom he nominates may be presented as defining “the subuser standard”. In other words: you cannot edit this document and then claim that your new standard is the official one.<p>That's legally incoherent. You cannot have public domain with an exception. Either something is in the public domain (no copyright) or it is not (copyrighted). If it is copyrighted, then you can license it under "X with the following exception". Most commonly, those exceptions grant extra rights compared to the base license (e.g. Classpath exception), occasionally they aim to take away rights compared to the base license (e.g. the notorious "Commons Clause"). But you can only have an exception to a copyright license if there is a copyright to be licensed, and putting something in the public domain means there isn't.<p>CC0 is a bit of a hybrid in that it contains both a public domain dedication for those jurisdictions which recognise that, and a permissive fallback copyright license for those jurisdictions that don't (e.g. Germany). The author claiming to make an exception to CC0, it makes sense for the latter but not for the former. Does this mean the exception is only legally binding in the jurisdictions in which the fallback license applies? Or does the attempt to impose an exception nullify the public domain dedication? I don't know, IANAL. (But I imagine many lawyers won't know the answer either.)<p>Now, what the author aims to do here could be achieved by trademark law – claiming (or registering) "subuser standard" as a trademark, and then saying that even though the copyright of the standard is relinquished to the public domain, the trademark is only licensed under certain conditions.
But while that would legally make sense, it isn't what the author has actually done.<p>[1] <a href="https://subuser.org/subuser-standard/standard.html#subuser-standard-licence" rel="nofollow">https://subuser.org/subuser-standard/standard.html#subuser-s...</a>
I really like the premise, and already use containers as an ingredient in my isolation techniques. However, subuser development didn't seem particularly active. Is it just because it's considered to be in a feature-complete state?
All these containerization "solutions" are just the fever symptoms of the future shock from the extremely rapid rate of features and improvement in the underlying libraries (glibc, C++?, etc.) used by programmers, and the programmers' tendency to use those fancy new features ASAP. It makes compiling, or even running, something written today on the dev environment of a 5-year-old Linux distro pretty darn difficult, and worse with time.<p>They are a terrible idea for the desktop or academia. They're fine for server environments.