General Project Outline #1
Comments
|
👋
In terms of how this will be implemented, either a launcher approach or external tool approach can be adopted, but having it only adopted for launches will make it so vanilla launcher users are completely unsupported, which are a big portion of the game. As said by systemless:
With this established, Linux and MacOS seem to have fine sandboxing ways, however windows is the key issue. What can we do to address windows? |
xyzeva
added
enhancement
|
I would like to quickly add on to the first point. |
|
Regarding windows, I think the current idea is appcontainers. However, I don't know much about them so I can't comment much. |
I think @pandaninjas has looked at them before? |
|
this seems to be useful in how to create the manifest for UWP apps. |
In my opinion, the best way to go with AppContainers is to directly create policies, i.e. AppContainer for legacy unpackaged apps (https://learn.microsoft.com/en-us/windows/win32/secauthz/appcontainer-for-legacy-applications-#unpackaged-apps). The documentation on this is rather bad, but there are some suitable example code online like https://github.com/MalwareTech/AppContainerSandbox However, the writes can't really be redirected, AppContainer's solution is just to redirect some environment variables and registry keys so that it will work assuming the developer hasn't hardcoded paths (like C:\Users\user\Documents instead of getting it through registry keys/environment variables) |
Does AppContainers also secure sub-processes? |
They do secure sub-processes as far as I can tell. |
Has anyone made an proof-of-concept app with this idea yet? |
https://github.com/modmuss50/win-sandbox very WIP and very unstable |
|
https://www.unix.com/man-page/osx/3/sandbox_init/ |
We currently do not know about many details of how we are doing sandboxing.
This is to note down and discuss what to do
The text was updated successfully, but these errors were encountered: