this post was submitted on 06 Nov 2023
548 points (94.6% liked)
Linux
48376 readers
1772 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What if your app actually needs access to the internet?
Or actually do anything useful? No network, no filesystem.. it's a hello world app isn't it..
No filesystem access for a flatpak app just means it cant read host system files on its own, without user permission. You can still give it files or directories of files through the file explorer for the app to work with, just that it's much safer since it can only otherwise view files in its sandbox.
Which is fine for some apps, try that with an IDE.
Why does an IDE need unfettered access to my whole FS? Access to the project directory, and maybe the runtime directory, have to be enough.
To be fair, the title says more apps, not all apps..
As if sandboxes are some brand new concept...
Of course people want them for some use-cases. No one here is saying that every application in the world should be restricted that way, grandpa.
Yeah things like selinux and apparmor have been around for a long time, sandboxing is just an evolution of that
Maybe not here in this thread, but aren't there some folks who want flatpak/snap/appimage to basically replace traditional package managers?
Doesn't make it a prevailing attitude worthy of whatever nonsense that other guy is spouting.
There might be people who think that, but that isn't realistic. Flatpak is a package manager for user facing apps, mostly gui apps.
The core system apps will still be installed by a system package manager. I.e rpm-ostree on immutable Fedora or transactional-update/zypper on OpenSUSE MicroOS.
Snap can do system apps and user facing apps and fully snap-based Ubuntu might come in the future.
But this won't force people to use them. Traditional package managers will keep existing for system apps and maintainers will proabably keep their gui packages in the repos.
Nobody was freaking out about sandboxing.
Says the person speaking for the whole community.
Lmao so you saying "the community" isn't actually you speaking for the community, but when I say "nobody" suddenly I was being literal.
Nice mental gymnastics.
Also nowhere did I say or even imply that I think you don't like sandboxing... You're pretty bad at this.
There are portals: https://docs.flatpak.org/en/latest/desktop-integration.html#portals . they allow secure access to many features. Also any flatpak app still has access to a private app-specific filesystem, just not to the host.
Doesn't work for all applications but for many sand boxing is possible without a loss of features.
There's Obfuscate, an image redactor, and Metadata Cleaner which is self-descriptive. Both works properly without any filesystem access at all, because they use the file picker portal to ask the user for the files to be processed.
Portal.
Oh come on, what modern program actually needs to communicate or access the file system?
Exactly all programs should be web based cloud subscription only. We don't want that filthy code on our rgb nvme drives
Lol, sorry no network access either.
Wouldn't want the gaping security hole open that is hypnotizing the user via RGB control.
BRB, modulating my RGB to send data...
Download the internet along with it!
I'm self-hosting the entire internet. I hope you guys are enjoying yourselves.
https://github.com/iiab/iiab
That's super cool. I bookmarked it. Thanks!
Lol
Thanks for having us on your server... when can I get out again though?
I just unplugged you. Give it a minute or two and no more pain.
Thank you, good... bye
Jane
I remember in 1995-ish or something when I used the internet for the first time using the Netscape browser.... And I was asking a friend if he had tried all the web sites yet. Just got a weird look back.... :) I didn't know what the internet was back then at first.
The app can then declare the network permission and it will still be marked as safe.