[HN Gopher] When Flatpak's Sandbox Cracks
___________________________________________________________________
When Flatpak's Sandbox Cracks
Author : dxs
Score : 16 points
Date : 2025-08-01 20:01 UTC (2 hours ago)
(HTM) web link (www.linuxjournal.com)
(TXT) w3m dump (www.linuxjournal.com)
| forty wrote:
| If this is not AI-generated, this is well imitated (with the many
| bullet points in particular)
| kstrauser wrote:
| I never understand these comments. This adds nothing to the
| discussion. And as the editor of Linux Journal, I bet George
| has written plenty of bullet lists over the years. Maybe the
| AIs are copying him, you know?
| duskwuff wrote:
| It's an expression of concern - is this article actually an
| expression of someone's thoughts about a topic of concern, or
| did someone just ask ChatGPT to write them an article about
| Flatpak security?
| kstrauser wrote:
| A great way to address those concerns would be to look at
| the reputation of the person being questioned, who in this
| case is the editor of Linux Journal. That doesn't prove
| he'd never use AI, but it does mean it's not some random
| blogger trying to sell their reputation for cheap karma
| before anyone notices.
|
| But really, I don't care. I'm far more annoyed with people
| racing to cash in with "this looks like it was written by
| AI" on every. single. post. Yeah, we get it. It does not
| make the accuser look more clever or insightful. It makes
| them look like a pest.
| freedomben wrote:
| Indeed, I've been making bullet point lists like that since
| college when I had a communications professor drive it into
| our heads. Yes AI loves the bullet point list, but just
| including one does not make it AI. This is yet another step
| on the overall reduction in quality of writing. Now we have
| to avoid bullet point lists, and inject typos and other
| things into our writing to make it seem more "human." It's a
| road to sadness and the dumbing down of society IMHO.
| WesolyKubeczek wrote:
| I can speak in listicles and use em-dashes -- correctly, mind
| you! -- using only organic neurochemistry-based intelligence of
| my brain.
| WesolyKubeczek wrote:
| Flatpak's "sandbox" is mostly theater, and it gives little when
| it comes to privacy. Apart from the obvious fact that packages
| sometimes come with overly broad permissions to be usable at all
| (but you are still given a marketing pitch about enhanced safety;
| granted, flatpak.org doesn't do it, but Flathub does), the fact
| that some paths are denied or some access is revoked is also a
| data point.
|
| I'd like to have a system where I can choose to give any bitmap,
| movie, or blank screen when an application asks me for permission
| to use my camera. It shouldn't know that I have denied it. When
| it asks for my microphone, I should be able to choose to make it
| think I allowed it microphone access with a dummy audio stream with
| no audio or audio of my choice. When it asks me to open a file,
| or a directory, it should invoke a system dialog that cannot be
| faked, and when I pick a file/directory for it, that directory or
| file should be bind-mounted into its mount namespace without
| giving it extra information about other files beside it, or
| indeed what the full path of the file is. When recording a screen,
| I should be able to pick which regions and which applications it
| should be able to see, and the system should make it think it's
| all there is.
|
| All the while the application doesn't even have to cooperate.
| This is the important bit.
|
| I think the pieces to do this are mostly there already (portals,
| Pipewire, namespaces), it's just a lot of faff to actually
| implement.
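Since the comment above turns on Flatpak apps shipping overly broad permissions, here is a small audit of a Flatpak application's metadata file, added as an example; it is not code from the article, from anyone in this thread, or from the Flatpak project. The file format and the permission keys it checks ([Context] sockets/devices/filesystems and [Session Bus Policy]) are Flatpak's own and are what `flatpak info --show-permissions <app-id>` prints; the sample metadata, the app id org.example.MediaPlayer and the severity labels are constructed for illustration.

```python
"""Flag sandbox-weakening permissions in a Flatpak application's metadata.

Added example (not Flatpak project code).  Real metadata lives at
/var/lib/flatpak/app/<id>/current/active/metadata (system installs) or
~/.local/share/flatpak/app/<id>/current/active/metadata (user installs); user
overrides from `flatpak override` live in ~/.local/share/flatpak/overrides/<id>.
"""
import configparser
from typing import List, Tuple

# Constructed sample for a hypothetical media player; not a real Flathub app.
SAMPLE_METADATA = """\
[Application]
name=org.example.MediaPlayer
runtime=org.freedesktop.Platform/x86_64/24.08
command=mediaplayer

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;session-bus;
devices=all;
filesystems=host;xdg-run/pipewire-0;~/.config/mediaplayer:create;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.Notifications=talk
"""

# Constructed tighter profile: Wayland with X11 only as a fallback, read-only
# access to one XDG directory, no raw session bus, no device passthrough.
SAMPLE_TIGHT = """\
[Application]
name=org.example.MediaPlayer
runtime=org.freedesktop.Platform/x86_64/24.08
command=mediaplayer

[Context]
shared=network;
sockets=wayland;fallback-x11;pulseaudio;
filesystems=xdg-download:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""


def _split_list(value: str) -> List[str]:
    # Flatpak list values are ';'-separated and normally carry a trailing ';'.
    return [item for item in value.split(";") if item]


def _fs_base(entry: str) -> str:
    # Drop access-mode suffixes such as ':ro' or ':create'.
    return entry.split(":", 1)[0]


def audit_flatpak_metadata(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for a metadata file's contents."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # D-Bus names are case-sensitive; do not lowercase keys
    cp.read_string(text)
    findings: List[Tuple[str, str]] = []

    ctx = cp["Context"] if cp.has_section("Context") else {}
    sockets = _split_list(ctx.get("sockets", ""))
    devices = _split_list(ctx.get("devices", ""))
    filesystems = [_fs_base(f) for f in _split_list(ctx.get("filesystems", ""))]

    if "host" in filesystems:
        findings.append(("high", "filesystems=host: read/write access to nearly the whole host filesystem"))
    if "home" in filesystems or "~" in filesystems:
        findings.append(("high", "filesystems=home: full home directory, including ~/.ssh and shell rc files"))
    if "x11" in sockets:
        findings.append(("medium", "sockets=x11: X11 has no client isolation (input and window snooping); prefer wayland plus fallback-x11"))
    if "session-bus" in sockets:
        findings.append(("medium", "sockets=session-bus: unfiltered session bus, so [Session Bus Policy] no longer limits anything"))
    if "system-bus" in sockets:
        findings.append(("medium", "sockets=system-bus: unfiltered system bus access"))
    if "all" in devices:
        findings.append(("medium", "devices=all: the whole of /dev, not just dri"))

    bus = cp["Session Bus Policy"] if cp.has_section("Session Bus Policy") else {}
    for name, policy in bus.items():
        if name == "org.freedesktop.Flatpak" and policy in ("talk", "own"):
            # Talking to the Flatpak service lets the app use flatpak-spawn --host,
            # i.e. run commands outside the sandbox.
            findings.append(("critical", "org.freedesktop.Flatpak=%s: sandbox escape via flatpak-spawn --host" % policy))
        elif name == "org.freedesktop.systemd1" and policy in ("talk", "own"):
            findings.append(("high", "org.freedesktop.systemd1=%s: can start transient units outside the sandbox" % policy))
    return findings


if __name__ == "__main__":
    for severity, message in audit_flatpak_metadata(SAMPLE_METADATA):
        print("[%s] %s" % (severity, message))
```

The `critical` finding is the one worth checking first on any installed app: with `org.freedesktop.Flatpak` talkable, the rest of the permission list is moot. The tighter constructed profile produces no findings; the corresponding tightening on a live system is `flatpak override --user --nofilesystem=host --nosocket=x11 --nosocket=session-bus --nodevice=all <app-id>`, after which `flatpak info --show-permissions <app-id>` should be re-read.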
| bestorworse wrote:
| I want that as well, but I don't think it's practical to do
| that on the Linux desktop ecosystem. Too slow, too much
| politics. The gist of it is done by Android though, but that
| required extensive re-engineering of the user space.
|
| Risking getting downvoted, but I don't want to repeat myself:
| https://news.ycombinator.com/item?id=43255985
| freedomben wrote:
| I would love the capabilities you describe, but I don't think
| it's fair to call flatpak "mostly theater." Yes plenty of
| flatpak apps require you to broaden their perms to the point
| where the sandbox starts to feel pretty weak, and there is
| plenty more to do on the system, but I think it's a good step
| forward.
| AlienRobot wrote:
| Then it's never going to happen.
|
| Linux desktop is a huge mountain of "why this basic obvious
| stuff just doesn't work?"
|
| I mean just stop to consider this. It's 2025. You are still not
| guaranteed to be able to close an application by moving the
| mouse all the way to the top right and clicking, because
| sometimes the X button has a margin at the top. This is insane
| to me. This is like such a basic thing that I have no idea how
| you even manage to get it wrong.
|
| If Linux can't even get the X button right, do you seriously
| expect anything else to ever get fixed?
| pstuart wrote:
| That's a desktop issue, not a linux issue.
| AlienRobot wrote:
| I don't remember installing "desktop" on my computer.
| Modified3019 wrote:
| I believe this is part of what [Spectrum OS](https://spectrum-os.org/)
| is ultimately trying to do. That said, while it's
| being actively developed, it's not a trivial effort and is
| nowhere near "download the iso and daily drive it".
| CaliforniaKarl wrote:
| That reminds me of something iOS is doing (though I don't know
| when it was introduced).
|
| An app wanted permission to my photos. In addition to the
| normal "Allow" and "Deny" options, I was also given the option
| to allow a subset of photos. I chose that option, and was given
| the normal photos UI, as if I was selecting a set of photos to
| share or delete. I guess in the back-end, iOS constructed a new
| photos library consisting of just the ones I selected.
|
| It was cool! And it's good to see that at least one of the
| things you describe is being shown to a large number of folks.
| Hopefully that'll drive momentum to wider adoption.
| fake-name wrote:
| Flatpak, Snap, appimage, etc...
|
| I have pretty fastidiously avoided ever using any of the "package
| everything into the image" projects, and my life has been
| considerably better off.
|
| All these things serve to do is make the _developer_ experience
| easier, at the cost of delivering a much worse user experience.
|
| I can't think of any reason a user would ever prefer the packaged
| variant of something.
___________________________________________________________________
(page generated 2025-08-01 23:01 UTC)