As pointed out here (Sandbox Permissions - Flatpak documentation), I clarified /tmp
as a permission separately.
    "finish-args" : [
        "--share=network",
        "--share=ipc",
        "--socket=fallback-x11",
        "--device=dri",
        "--socket=wayland",
        "--filesystem=host",
        "--filesystem=/tmp",
        "--socket=system-bus",
        "--socket=session-bus",
        "--socket=ssh-auth",
        "--socket=pcsc",
        "--talk-name=org.freedesktop.Flatpak",
        "--talk-name=org.freedesktop.PolicyKit1",
        "--persist=.polkit"
    ],
However, attempts to save files there end in failure:
    Traceback (most recent call last):
      File "/app/share/evade/evade/config_composer.py", line 383, in <module>
        with open('/run/host/tmp/current_config.json', "w") as file:
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    FileNotFoundError: [Errno 2] No such file or directory: '/run/host/tmp/current_config.json'
Here are the contents of /run/host, printed:
Contents of /run/host as they are recognized by sandboxed script:
container-manager
usr
bin
lib
lib64
sbin
etc
os-release
fonts
fonts-cache
user-fonts-cache
font-dirs.xml
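
An added example, not part of the original post or of the project's code: instead of hard-coding /run/host/tmp, which the listing above shows is absent, the script can probe for a directory that exists and write the file atomically, which also avoids opening a pre-planted file or symlink in a shared temporary directory. The candidate order (including the assumption that a directory granted with --filesystem=/tmp is visible at /tmp inside the sandbox) and the names `pick_writable_dir` and `write_config` are assumptions made for illustration.

```python
import json
import os
import tempfile

# Assumed candidates, tried in order; only /run/host/tmp comes from the post.
CANDIDATE_DIRS = ["/tmp", "/run/host/tmp"]


def _usable(path):
    """True if path is an existing directory this process can create files in."""
    return os.path.isdir(path) and os.access(path, os.W_OK | os.X_OK)


def pick_writable_dir(candidates=CANDIDATE_DIRS):
    """Return the first usable candidate, else a per-user fallback."""
    for path in candidates:
        if _usable(path):
            return path
    runtime = os.environ.get("XDG_RUNTIME_DIR")
    if runtime and _usable(runtime):
        return runtime
    return tempfile.gettempdir()


def write_config(config, name="current_config.json", candidates=CANDIDATE_DIRS):
    """Write config as JSON atomically and return the final path."""
    target_dir = pick_writable_dir(candidates)
    final_path = os.path.join(target_dir, name)
    # mkstemp creates a new file with O_EXCL and mode 0600, so an existing
    # file or symlink with a guessable name is never opened.
    fd, tmp_path = tempfile.mkstemp(dir=target_dir, prefix=name + ".", suffix=".tmp")
    try:
        with os.fdopen(fd, "w") as handle:
            json.dump(config, handle)
        # os.replace renames over the destination entry itself; if that entry
        # is a symlink, the link is replaced and its target is left untouched.
        os.replace(tmp_path, final_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return final_path


if __name__ == "__main__":
    print(write_config({"example": True}))  # constructed sample config
```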