App incarceration with Libertine
Many traditional X11-based applications don’t work with the Mir display server that powers Unity 8, not out of the box anyway. For example, try opening Firefox or LibreOfficeWriter and you’ll be met with a splash screen and spinning progress doodle that goes nowhere. These lastgeneration applications can be coerced into running using the Libertine sandboxing layer. This runs old packages safely inside an LXC container. One of the (many, many) reasons there is such a push to move away from X11 is because there is no inbuilt mechanism for isolating applications from one another. Any client can read input events and window data from any other, which makes writing keyloggers and other spyware much easier. This is a serious problem, especially when we consider that different users may be connecting to the same X server at the same time. With Mir (and Wayland, the other display server of the future), applications are confined from each other, and things ought to be much more secure.
By sandboxing old X11 applications they can be isolated from the rest of the system and, through the use of multiple containers, each other. These legacy applications will need to be installed into the container separately, even if they already exist on your system. Furthermore, each container requires around 500MB of space (before you even do anything with it) so you may prefer just running X11 applications natively, ie, in Unity 7. There are some packages to install before you can see what the future running the past looks like: $ sudo apt install libertine libertine-scope
Scroll through the application list and you’ll find a LibertineManager has appeared. Start this and you’ll be prompted to configure “Classic Application Support”. Then you get some options about what to call your container, whether it needs 32-bit support and whether or not you want to protect it with a password. Once that’s all set up we’re ready to install some packages, which can be done by
selecting the container and clicking the plus sign in the top right. You can search for packages by name, or choose from recently downloaded .deb files. As we’re accustomed to, it’s also possible to do administer Libertine containers and the packages there interred from the command line, using libertine
container-manager . For example, to install the whole LibreOffice suite in a container called
zesty we can type: $ libertine-container-manager install-package --id zesty --package libreoffice
Some non-Mir applications will work without being containerised in this way, through the Xmir compatibility layer, but they are drawn with Unity 7 titlebars below the new style ones. This looks odd, but does give you a choice of which close button to use. The standard Ubuntu Terminal application doesn’t start, but there is a Mir alternative, which rather overcautiously asks you for your password before it starts. ‘Tis better to be safe than sorry.