gnoack commented on FOSDEM 2026 – Open-Source Conference in Brussels – Day#1 Recap   gyptazy.com/blog/fosdem-2... · Posted by u/yannick2k
direwolf20 · 10 days ago
What do you connect to, when you connect to varlink, if there is no broker service?
gnoack · 10 days ago
Those are pathname UNIX domain sockets, so you address them through the socket file, which is conventionally stored somewhere under /run.

You can run "netstat --listening --unix" to list the UNIX domain servers on your system, to get an impression.

See https://man7.org/linux/man-pages/man7/unix.7.html

gnoack commented on FOSDEM 2026 – Open-Source Conference in Brussels – Day#1 Recap   gyptazy.com/blog/fosdem-2... · Posted by u/yannick2k
ahartmetz · 10 days ago
Look forward to ye olde uncle Lennart's old-timey sales pitch.

I'm gonna summarize the Varlink talk: DBus is, and I quote, "very very very complex" and his system with JSON for low-level IPC is, in fact, the best thing since sliced bread and has no significant flaws. It works basically just like HTTP so the web people will love it. Kernel support for more great shit pending! I'm not sure where the hardon for a new IPC system with lernel (keeping that typo) support is from, but he's been trying for 15 years now. AFAICT, the service discovery problem could be solved by a user space service without much trouble. I mean if the whole thing wasn't an exercise in bad technological taste.

gnoack · 10 days ago
I think you are misrepresenting this;

Varlink is based on much more conventional UNIX technology than Dbus, which is decades old: You connect to a named UNIX socket through its socket file in the filesystem (man page: unix(7)).

This is an old mechanism and it is known to work well. It does not require a broker service, it works right at system startup, and it does not require a working user database for permission checks (which would be a circular dependency for systemd in some configurations). If at all, I am surprised that systemd didn't use that earlier.

The main thing that Varlink standardizes on top of that is a JSON-based serialization format for a series of request/response pairs. But that seems like a lightweight addition.

It also does not require kernel support to work, the kernel support is already there. He mentioned in the talk that he'd like to be able to "tag" UNIX sockets that speak varlink as such, with kernel support. But that is not a prerequisite to use this at all. The service discovery -- and he said that in the talk as well -- is simply done by listing socket files in the file system, and by having a convention for where they are created.
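
As an added example (not code from either reply above), here is the mechanism both replies describe in Python: a client connects to a pathname UNIX socket through its socket file, services are discovered by listing the socket files in a directory, and request/response pairs are NUL-terminated JSON; the server also reads the caller's uid from the kernel via SO_PEERCRED rather than a user database. The interface name org.example.Ping, the throwaway run directory and the message contents are assumptions made up for this demonstration.

```python
import json, os, socket, stat, struct, tempfile, threading

def discover_services(run_dir):
    # Service discovery as described above: the services are the socket files in the directory.
    return sorted(n for n in os.listdir(run_dir)
                  if stat.S_ISSOCK(os.stat(os.path.join(run_dir, n)).st_mode))

def recv_message(sock):
    # Varlink frames each JSON message with a single trailing NUL byte.
    buf = b""
    while not buf.endswith(b"\0"):
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed before the NUL terminator")
        buf += chunk
    return json.loads(buf[:-1])

def serve_one_request(server):
    conn, _ = server.accept()
    with conn:
        peer = getattr(socket, "SO_PEERCRED", None)  # Linux: kernel-supplied peer uid, no user database lookup
        uid = struct.unpack("3i", conn.getsockopt(socket.SOL_SOCKET, peer, 12))[1] if peer else None
        req = recv_message(conn)
        if req.get("method") == "org.example.Ping.Ping":  # assumed interface/method name, not a real one
            reply = {"parameters": {"pong": req["parameters"]["ping"], "uid": uid}}
        else:  # the standard varlink error for an unknown method
            reply = {"error": "org.varlink.service.MethodNotFound", "parameters": {"method": req.get("method")}}
        conn.sendall(json.dumps(reply).encode() + b"\0")

def call(sock_path, method, parameters):
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)  # the address is the socket file's pathname; no broker in between
        c.sendall(json.dumps({"method": method, "parameters": parameters}).encode() + b"\0")
        return recv_message(c)

def demo(method, parameters):
    # One-shot server in a throwaway 'run' directory; returns (discovered names, reply, caller's uid).
    run_dir = tempfile.mkdtemp()
    sock_path = os.path.join(run_dir, "org.example.Ping")
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(sock_path)
    os.chmod(sock_path, 0o600)  # the socket file's mode decides who may connect at all
    server.listen(1)
    worker = threading.Thread(target=serve_one_request, args=(server,))
    worker.start()
    found = discover_services(run_dir)
    reply = call(sock_path, method, parameters)
    worker.join(); server.close()
    os.unlink(sock_path); os.rmdir(run_dir)
    return found, reply, os.getuid()
```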

gnoack commented on Étoilé – desktop built on GNUStep   etoileos.com/... · Posted by u/pabs3
fithisux · 5 months ago
GNUStep lost its opportunity to use D to go further and stuck with old ObjC.

Very good piece of software though.

gnoack · 5 months ago
Etoile had its own Smalltalk dialect back in the day, Pragmatic Smalltalk. This was a Smalltalk based on the Objective-C runtime, based on an OMeta implementation and an LLVM backend. David Chisnall, who created it at the time, ended up getting involved more in LLVM in the long run, I believe.
gnoack commented on Étoilé – desktop built on GNUStep   etoileos.com/... · Posted by u/pabs3
SillyUsername · 5 months ago
I miss the days of Sun Solaris' CDE desktop.

Afterstep looks too much like Stardock's Window Blinds from around 2000 (see the weird glass effect, font etc), but Étoilé seems to nail the aesthetic for me.

I hope this comes back, I'd love to use it on an old netbook I have for accessing my servers remotely.

gnoack · 5 months ago
CDE was open sourced a while back: https://sourceforge.net/projects/cdesktopenv/
gnoack commented on A quick look at unprivileged sandboxing   uninformativ.de/blog/post... · Posted by u/zdw
aktau · 7 months ago
This goes straight into my reference list. Sandboxing a process is confusing on Linux.

I appreciate that the article focuses on approaches that drop privileges without having root oneself. I've seen landlock referenced at times (https://lwn.net/Articles/859908/), but never so clearly illustrated (the verbosity feels like Vulkan).

Out of curiosity, I'd wish even more approaches were compared, even if they require root. I was about to mention seccomp-bpf as an approach that requires root, but skimming the LWN article I posted above I find: "Like seccomp(), Landlock is an unprivileged sandboxing mechanism; it allows a process to confine itself". It seems like I was wrong, and seccomp could be compared/contrasted.

gnoack · 7 months ago
Absolutely, seccomp is also an unprivileged sandboxing mechanism in Linux. It does have the drawback however that the policies are defined in terms of system call numbers and their (register value) arguments, which complicates things, as it is a moving target.

The problem was also recently discussed at https://lssna2025.sched.com/event/1zam9/handling-new-syscall...

gnoack commented on A quick look at unprivileged sandboxing   uninformativ.de/blog/post... · Posted by u/zdw
gnoack · 7 months ago
Landlock is currently still lacking some wrapper libraries that make it easier to use, in C.

We do have libraries for Go and Rust, and the invocation is much more terse there, e.g.

  import "github.com/landlock-lsm/go-landlock/landlock"

  // Best-effort: use the newest Landlock ABI the running kernel supports, up to V5.
  err := landlock.V5.BestEffort().RestrictPaths(
      landlock.RODirs("/usr", "/bin"),
      landlock.RWDirs("/tmp"),
  )
  // err is non-nil only if the restriction could not be applied at all.
FWIW, the additional ceremony in Linux is because Linux guarantees full ABI backwards compatibility (whereas in OpenBSD policy, compiled programs may need recompilation occasionally).

Similarly terse APIs as for Go and Rust are possible in C as well though, as wrapper libraries.

For full disclosure, I am the author of the go-landlock library and contributor to Landlock in the kernel.

gnoack commented on The Gang of Four is wrong and you don't understand delegation (2012)   saturnflyer.com/blog/the-... · Posted by u/Tomte
chuckadams · a year ago
I'm no great fan of GoF, it leads off saying to use composition, then most of the patterns just go hog-wild with inheritance anyway. But I don't think anyone has a lock on the term "delegation". It means "pass off responsibility to something else", and it doesn't need to depend on any single mechanism hardwired into the language. Whether `self` stays intact across dispatches or you need to pass `this` explicitly to your delegated handler isn't the central point.
gnoack · a year ago
The way I interpreted most of these "subclassing" cases in the GoF diagrams was actually as "subtyping", and then it makes more sense.

Regarding no one having a lock on the term "delegation", I think this is spot on. Yes, someone might have used the term differently before GoF, but that does not mean that GoF was wrong. It just meant something else in their context.

(Btw, congratulations, your comment is the first one so far in this comment thread that actually discusses the linked article and not just the GoF book itself.)

gnoack commented on Landrun: Sandbox any Linux process using Landlock, no root or containers   github.com/Zouuup/landrun... · Posted by u/Zoup
Zoup · a year ago
they can be jailed by landlock, we don't have support in go-landlock tho afaik, @Gnoack
gnoack · a year ago
It's tracked in https://github.com/landlock-lsm/go-landlock/issues/35 - signals and abstract Unix sockets do unfortunately not interact well with the inherently multithreaded Go runtime. We are working on a fix in https://github.com/landlock-lsm/go-landlock/issues/36 but this needs to be on the kernel side and this is delaying this feature in Go, unfortunately. It is usable from (single threaded) C programs though.
gnoack commented on Landrun: Sandbox any Linux process using Landlock, no root or containers   github.com/Zouuup/landrun... · Posted by u/Zoup
l0kod · a year ago
It takes time to develop these features, but Landlock is gaining new network filtering features. We are working on a way to control socket creation according to their protocols, and also a way to filter UDP (which makes sense to developers and users).

From the point of view of an app developer, it might not make sense to filter peers but services (ports) instead, and filtering peers without their names would not be ideal (the kernel doesn't know about DNS, only IPs). Anyway, this feature might come one day if someone wants to work on it, but we follow well-tested incremental development.

Netfilter is a privileged network feature that allows one to do almost anything with the network, which makes it unsuitable for (app/unprivileged) sandboxing.

gnoack · a year ago
+1

A rough description of upcoming network restriction features in Landlock and how they map to the BSD socket API is in the talk at https://youtu.be/K2onopkMhuM?start=2025 starting around 33:45

I really hope we can get back to these features soon :) I think these would be very useful.