Flatpak Apps Confined

I want to gather some info on that topic.

Flatpak uses its own permission system, but currently many apps have very broad permissions.

I am also not sure if some permissions are missing, like clipboard access or “everything but my SSH keys”.

I heard Flatpaks are kind of a mess, but Fedora Flatpaks are not widely used for many reasons: they are unofficial and use a nonstandard runtime.

So would one need to create a new context for every Flatpak? Could the one of the RPM be taken, or are they different, for example because of how they access the filesystem?

xdg-desktop-portal is supposed to fix this issue with all the permissions that Flatpaks currently need to operate well. Here is a video from the author of the OBS Flatpak.

Also, I am working on a side project where I test experimental browsers and apps in a confined context. I get a little off topic, but the work is there...

Run Browser toolbox container with a different SELinux context
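
For anyone checking how broad an installed app's grants actually are, here is an added example (not part of the thread, and not Flatpak project code): it parses the keyfile text that `flatpak info --show-permissions <app-id>` prints and flags the widest grants. The sample metadata and the rule list are constructed for illustration.

```python
import configparser

# Constructed sample in the keyfile layout printed by
# `flatpak info --show-permissions <app-id>`; not taken from a real app.
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=home;xdg-download;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.Notifications=talk
"""

# Illustrative rules chosen for this example, not an official Flatpak list.
BROAD = {
    "filesystems": {"host": "whole host filesystem",
                    "home": "entire home directory, SSH keys included"},
    "sockets": {"x11": "X11 gives no isolation between clients",
                "session-bus": "unfiltered session D-Bus",
                "system-bus": "unfiltered system D-Bus"},
    "devices": {"all": "every device node under /dev"},
}

def audit(text):
    """Return (permission, reason) pairs for the broad grants found in text."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(text)
    findings = []
    for key, rules in BROAD.items():
        raw = cp.get("Context", key, fallback="")
        for value in filter(None, raw.split(";")):
            base = value.split(":")[0]  # drop a :ro / :rw / :create suffix
            if base in rules:
                findings.append((f"{key}={value}", rules[base]))
    if cp.has_section("Session Bus Policy"):
        for name, policy in cp.items("Session Bus Policy"):
            if name == "org.freedesktop.Flatpak" and policy in ("talk", "own"):
                findings.append((f"{name}={policy}", "can start processes on the host"))
    return findings

if __name__ == "__main__":
    for perm, reason in audit(SAMPLE):
        print(f"{perm:35} {reason}")
```

On a real system the input would come from the `flatpak info --show-permissions` output of each installed app instead of `SAMPLE`.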

