Cannot access host's /tmp from inside flatpak

As pointed out here (Sandbox Permissions - Flatpak documentation), I clarified /tmp as a permission separately.

    "finish-args" : [
        "--share=network",
        "--share=ipc",
        "--socket=fallback-x11",
        "--device=dri",
        "--socket=wayland",
        "--filesystem=host",
        "--filesystem=/tmp",
        "--socket=system-bus",
        "--socket=session-bus",
        "--socket=ssh-auth",
        "--socket=pcsc",
        "--talk-name=org.freedesktop.Flatpak",
        "--talk-name=org.freedesktop.PolicyKit1",
        "--persist=.polkit"
    ],

However, attempts to save files there end in failure:

Traceback (most recent call last):
  File "/app/share/evade/evade/config_composer.py", line 383, in <module>
    with open('/run/host/tmp/current_config.json', "w") as file:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/run/host/tmp/current_config.json'

Here are the contents of /run/host printed:

Contents of /run/host as they are recognized by sandboxed script:

container-manager
usr
bin
lib
lib64
sbin
etc
os-release
fonts
fonts-cache
user-fonts-cache
font-dirs.xml

I’m a little confused: the title and the first part of your post talk about /tmp, but then you try to write to /run/host/etc? /etc is not writable by your user, so it isn’t writable by your user inside the Flatpak sandbox either.

Oh, sorry. I tried to write to several files I could not find, made several tests, and as I was eepy before going to bed for the night I accidentally attached an output of the wrong one. Here is the result of accessing /tmp:

Traceback (most recent call last):
  File "/app/share/evade/evade/config_composer.py", line 383, in <module>
    with open('/run/host/tmp/current_config.json', "w") as file:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/run/host/tmp/current_config.json'

I corrected it in the post.

--filesystem=/tmp makes /tmp available at /tmp inside the sandbox, not /run/host/tmp.

Thanks, it seems to be available there. Weird design decision.
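
Added example (not part of any post in this thread, and not Flatpak's own code): a small Python model of the path mapping the reply above describes, where an absolute `--filesystem=` grant keeps its host path while host OS directories appear under /run/host. The function names and the simplified rules are assumptions; home and xdg-* grants are not modelled.

```python
# Simplified model of where a Flatpak sandbox exposes a host path.
# Assumption: only absolute-path grants and the /run/host OS directories
# are modelled; None means "no grant in this model exposes the path".

# Sample input: the two filesystem grants from the manifest in the thread.
PAGE_FINISH_ARGS = ["--filesystem=host", "--filesystem=/tmp"]

# Host directories that host-os / host-etc (both implied by `host`) expose
# under /run/host, matching the /run/host listing in the thread.
OS_DIRS = {
    "host-os": ("/usr", "/bin", "/lib", "/lib64", "/sbin"),
    "host-etc": ("/etc",),
}


def filesystem_grants(finish_args):
    """Return --filesystem values with :ro/:rw/:create suffixes removed."""
    grants = []
    for arg in finish_args:
        if arg.startswith("--filesystem="):
            value = arg.split("=", 1)[1]
            for suffix in (":ro", ":rw", ":create"):
                if value.endswith(suffix):
                    value = value[: -len(suffix)]
            grants.append(value)
    return grants


def _under(path, root):
    """True if path is root itself or lies below it (not a mere prefix)."""
    return path == root or path.startswith(root.rstrip("/") + "/")


def sandbox_path(host_path, finish_args):
    """Map a host path to its location inside the sandbox, or None."""
    grants = filesystem_grants(finish_args)
    # An absolute grant such as /tmp is mounted at the same path inside.
    for grant in grants:
        if grant.startswith("/") and _under(host_path, grant):
            return host_path
    # OS directories are relocated under /run/host. `host` is not treated
    # as granting /tmp, which is why the manifest lists /tmp separately.
    for keyword, roots in OS_DIRS.items():
        if keyword in grants or "host" in grants:
            if any(_under(host_path, root) for root in roots):
                return "/run/host" + host_path
    return None
```

With the thread's grants, `sandbox_path('/tmp/current_config.json', PAGE_FINISH_ARGS)` returns the unchanged /tmp path, which is the location the script should open instead of /run/host/tmp.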