Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mgord9518/aisap

Tool to make sandboxing AppImages easy
https://github.com/mgord9518/aisap

go golang linux sandbox

Last synced: about 1 month ago
JSON representation

Tool to make sandboxing AppImages easy

Host: GitHub
URL: https://github.com/mgord9518/aisap
Owner: mgord9518
License: mit
Created: 2021-11-01T10:03:06.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2024-12-02T23:26:40.000Z (about 2 months ago)
Last Synced: 2024-12-10T08:26:02.415Z (about 1 month ago)
Topics: go, golang, linux, sandbox
Language: Zig
Homepage:
Size: 3.1 MB
Stars: 39
Watchers: 4
Forks: 3
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-appimage - AppImage Sandboxing Project - Golang library to help sandbox AppImages with bwrap. (AppImage consumption tools / Sandboxes)

README

# aisap

AppImage SAndboxing Project (pronounced /eɪsæp/): a tool to help sandbox
AppImages through bwrap.

**EARLY DEVELOPMENT!** Many parts of this are subject to change and should
be expected to until it reaches a more stable form.

## What is it?
aisap intends to be a simple way to implement Android/Flatpak style sandboxing
with AppImages. It has a profile system, but it intends to keep it as basic as
possible, making it easier to understand what a program actually requires to
run without dealing with the hassle of individually cherry-picking files.

It currently has a basic re-implementaion of the go-appimage API, so modifying
existing Go programs to include sandboxing should be fairly painless

## Using aisap:
1. [aisap cli](docs/aisap.1.md)
2. [aisap Go implementation](docs/aisap-go.3.md)
3. [aisap Zig implementation](docs/aisap-zig.3.md) (DOCS WIP) (IMPLEMENTATION NOT YET USABLE)

(there's also some very early C bindings, which will be implemented in Zig. I
will begin working on the docs as soon as I feel the C API is sufficiently
usable.)

The ultimate goal is to have as many AppImages in
[aisap's internal library](profiles/README.md) as possible, while smaller, less
known apps may request their own permssions per the developer. Running programs
sandboxed should mostly be seamless and feel native with the system

For additional information on the permission system, see
[here](permissions/README.md)

As it is currently, the main aisap implementation requires a `squashfuse`
binary to function. I have attempted to create Go squashfuse bindings with
essentially zero success, so it will likely remain that way for the forseeable
future. Luckily, I have started working on a Zig implementation of aisap, and
due to Zig's extremely easy C interop, I already have some pretty decent Zig
squashfuse bindings to use. Don't expect the Zig implementation to be done
super soon, but it should be completely self-contained once it is and I will
probably replace the main CLI tool with it.