

Subuser – Securing the Linux desktop with Docker - takluyver
http://subuser.org/

======
angry_octet
This is a really good concept. Not sure Docker as configured will provide
sufficient isolation, but with strict SELinux/AppArmor controls it is going to
be way better than just hoping something you got from a PPA/pip/npm is safe.
It is also good to see this as a security-in-depth component. Maybe those bash
exploits wouldn't have been so catastrophic if everything touching the outside
world was confined by default.

Also, since writing SELinux controls is so hard, this is a great way to
package those controls for end users.

~~~
timthelion
Docker knows how to automatically configure AppArmor and SELinux to contain
the containers. Seems almost redundant, but if you like checking twice, that's
definitely a supported feature of Docker.

------
kolev
"Download Source" vs "Star/Fork/Issues/Pull Requests" at GitHub? Is it just
me, but when I see a project not using GitHub/Bitbucket, its credibility drops
drastically? Of course, there are others like Linux distros, GNU, etc., but we
know and understand the motivation there.

~~~
xtrumanx
> Is it just me, but when I see a project not using GitHub/Bitbucket, its
> credibility drops drastically?

It may be just you. Why does the credibility drop if it isn't using
GitHub/Bitbucket as long as the code is available easily?

~~~
kolev
I doubt it's just me though. Our lives are driven by heuristics and one of
those is: "If something deviates from the norm, it's risky." For good or bad,
the norm today is GitHub.

