extra apps and locales
Robert McQueen
rob at endlessm.com
Thu Feb 16 17:30:10 UTC 2017
On 16/02/17 15:29, Alexander Larsson wrote:
> On Thu, 2017-02-16 at 10:31 +0000, Robert McQueen wrote:
>>
>> So that leads to my next (this might be terrible) idea which is to
>> add
>> support for a read-only overlay mount to bubblewrap, so in the case
>> your
>> extra app has been "uprooted" from /usr you can add an invocation to
>> this flatpak to layer /app/extra on top of /usr and nobody is any
>> the
>> wiser...
>
> Overlayfs was considered in the flatpak design and explicitly avoided
> for several reasons:
See... I thought it might be a bad idea. :(
> * Its not considered safe by the kernel people to expose as mountable
> by unprivileged user namespaces.
Right - I did search for overlayfs and usernamespaces and found the LWN
article about the exploit that was only applicable to Ubuntu because
they enabled this.
> * It adds requirements on the kernel version that not everything has.
> * Its behaviour is not posix compliant, which often causes trouble
> (for instance you can't untar files on it).
Yuck... TIL.
> * Merging layers is problematic if the underlying layer changes over
> time, which happens in flatpak (but not e.g. in docker). A toplevel
> layer could easily accidentally override an updated file in the lower
> layer.
>
> So, this is not going to happen.
Thanks for the thoughts!
Regards,
Rob
........................................................................
Robert McQueen | +1.415.413.4159 | Endless <http://endlessm.com/>
More information about the xdg-app
mailing list