Maybe "found out" is the wrong phrase. These are issues that have been known to exist for the longest time. It's functionality that just hasn't been written yet, but it's misleading because a lot...
Maybe "found out" is the wrong phrase. These are issues that have been known to exist for the longest time. It's functionality that just hasn't been written yet, but it's misleading because a lot of people see "sandboxing" and think "safe." Flatpak, at least right now, is just a convenient(?) packaging format. Since the Flatpak can request whatever permissions it likes in its manifest with no interface to deny or even really review them, the sandboxing's just not terribly useful.
AppImage + some actual dedicated sandboxing like FireJail works great though, although setting up new profiles for FireJail is a slight pain.
Yeah, I agree, most of these are on maintainers, not the flatpak itself or the implementation, only suid one is an implementation bug. These problems are fixable, but of course they need fixing,...
Yeah, I agree, most of these are on maintainers, not the flatpak itself or the implementation, only suid one is an implementation bug. These problems are fixable, but of course they need fixing, and I'm on the record promoting and advocating for Flatpak adoption, so I figured it would be good if I posted it.
Actually, you can remove those permissions using either Gnome settings since 3.32 or some Flatpak commands. Heck, you can change the manifest yourself and build it, all of the manifest are...
Actually, you can remove those permissions using either Gnome settings since 3.32 or some Flatpak commands.
Heck, you can change the manifest yourself and build it, all of the manifest are available under the Flathub Organisation on Github.
Maybe "found out" is the wrong phrase. These are issues that have been known to exist for the longest time. It's functionality that just hasn't been written yet, but it's misleading because a lot of people see "sandboxing" and think "safe." Flatpak, at least right now, is just a convenient(?) packaging format. Since the Flatpak can request whatever permissions it likes in its manifest with no interface to deny or even really review them, the sandboxing's just not terribly useful.
AppImage + some actual dedicated sandboxing like FireJail works great though, although setting up new profiles for FireJail is a slight pain.
Yeah, I agree, most of these are on maintainers, not the flatpak itself or the implementation, only suid one is an implementation bug. These problems are fixable, but of course they need fixing, and I'm on the record promoting and advocating for Flatpak adoption, so I figured it would be good if I posted it.
Actually, you can remove those permissions using either Gnome settings since 3.32 or some Flatpak commands.
Heck, you can change the manifest yourself and build it, all of the manifest are available under the Flathub Organisation on Github.
And rather unconvincing. The comments below that post offer a good critique of the post itself.