I’m still working to get my head wrapped around the flatpak vs. rpm discussion and I’m trying to understand how flatpaks work. Is it correct to suggest that flatpak “brings” its own libs with it, so it’s siloed and “more secure” because of that? If so, does that mean if multiple apps use the same libs but are installed “flatly” then there would be much more space consumed? Or, is there almost like a “shared” flatpak lib dir? If so, wouldn’t that just make it an rpm install?
If all this is adequately covered by an online FAQ or wiki, could someone point me to it because I haven’t been able to find one…
Flatpaks have both bundled libs and can leverage shared runtimes also installed via flatpaks.
Flatpaks use vastly more disk space than rpms.
Flatpaks are partially sandboxed depending on how they are configured. Flatpak permissions are not very granular.
If you don’t want to read the docs, an easy way to see how they work is to install a couple of flatpaks and flatseal. You quickly see how much disk space they consume and flatseal will show you how the permissions work.
Other than the bandwidth consumed, there is very little harm in installing some flatpaks. You can easily remove them all if you want to.
To give you an idea, I have 3 flatpaks installed. flatseal, librewolf and zoom.
Flatpaks have 2 differing install modes: --system, which makes the packages/libraries available to all, and --user, which makes the package only available to the user installing them.
In --user mode everything is restricted to the user’s home directory tree, so things are containerized and almost 100% self-contained. Yes, this means duplicated libraries/etc. for many packages.
In --system mode some is installed system wide and if already available is not duplicated.
A start on documentation is here.
If you have the flatpak app installed and enabled the repo then “man flatpak” will give you a lot of info as well.
So, as for disk space, flatpaks are “bulkier,” but possibly more secure due to the sandboxing nature; what about memory usage? I’ve seen many anecdotal points about flatpaks being slower, but my thoughts were that because all the libs are “in one place,” they should actually be faster. No?
I have a few installed already and have always found Flatseal to be genius!
Do you happen to know, @computersavvy, if flatpak installs default to --user or --system?
Using own libraries consumes more memory in general due to not using shared libraries.
Also own libraries mean a lot of potentially outdated libraries with known vulnerabilities.
Moreover, security benefit is mostly theoretical and depends on the vendor implementation.
Many vendors do not use isolation, and it can be silently disabled upon the package update.
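An added example, not part of any post in this thread: a shell check for the point raised above that an app's sandbox may be wide open or may change on update. It parses the keyfile text printed by `flatpak info --show-permissions APP_ID` and reports broad grants; which grants count as broad is an assumption of this example, and the sample metadata is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag broad sandbox grants in Flatpak
# permission metadata, the keyfile text that
# `flatpak info --show-permissions APP_ID` prints.

# Read permission metadata on stdin; print one "key=value" line for each
# [Context] grant that substantially widens the sandbox.
# The list of grants treated as broad is this example's assumption.
audit_perms() {
    awk -F= '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }
        !in_ctx || NF < 2 { next }
        {
            n = split($2, vals, ";")
            for (i = 1; i <= n; i++) {
                v = vals[i]
                if (v == "" || v ~ /^!/) continue   # empty or negated entry
                broad = 0
                if ($1 == "filesystems" && v ~ /^(host|host-os|host-etc|home)(:.*)?$/) broad = 1
                if ($1 == "devices" && v == "all") broad = 1
                if ($1 == "sockets" && v ~ /^(x11|session-bus|system-bus)$/) broad = 1
                if (broad) print $1 "=" v
            }
        }'
}

# Audit every installed app; needs the flatpak CLI, so it is not run here.
audit_installed() {
    flatpak list --app --columns=application | sort -u | while read -r app; do
        findings=$(flatpak info --show-permissions "$app" | audit_perms)
        [ -n "$findings" ] && printf '%s\n%s\n' "== $app" "$findings"
    done
    return 0
}

# Constructed sample metadata for a hypothetical app (not a real manifest).
SAMPLE='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=home;xdg-download;!host;

[Session Bus Policy]
org.freedesktop.Notifications=talk'

printf '%s\n' "$SAMPLE" | audit_perms
```

On a machine with Flatpak installed, call `audit_installed` and compare its output before and after updates to notice when an app's grants change.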
Thanks, @augenauf; I checked those sources out before I posted and just didn’t think they provided a comprehensive discussion of how flatpaks use resources and shared libs.
Good points, @vgaetera; I appreciate your thoughts!
I think there may be a distinct difference in security due to the way they are installed. If installed as user they likely are more secure than when installed as system apps, if for no other reason than the libraries are also user owned as is the app itself and everything is installed under the user’s home directory.