EasyOS 7.0 reviewed in Distrowatch

Forum member don570 brought this to our attention see forum post:

https://forum.puppylinux.com/viewtopic.php?t=15733

Distrowatch review:

https://distrowatch.com/weekly.php?issue=20250915#easyos

A very nice positive review.

It is good that Jesse identified the merits of the container mechanism, but he did not mention the alternative security strategy, which is to run each application as its own user. Well, this is an underneath thing, not so obvious.

Chromium, for example, runs as user "chromium", so running on the main desktop, not in a container, this provides a degree of isolation. Considering that Chromium also has a sandbox, isolation is pretty good. But also, other apps can be run as their own user, so enhancing isolation between them.

When you click on one of the container icons, for example, "excalibur", you are running the complete EasyOS desktop in a container, as "crippled root". Then if you run Chromium inside that container, it will run as user "chromium", with it's own sandbox. So, you have isolation within isolation within isolation.

Even so, you can share files with the main desktop and other containers, via the '/files' folder, and optionally copy the clipboard. A qualification is that /files/apps/chromium is private to Chromium (and any other Chromiums running on main desktop or containers) and other apps that are running as their own user cannot see into this folder.

Which reminds me, need to update the "How and Why EasyOS is different" web page.   

Tags: easy