Sandboxing

Alexander Larsson alexl at redhat.com
Mon Aug 6 08:16:24 UTC 2018


On Wed, Jul 11, 2018 at 4:00 PM, Joe Smith <justman111111 at gmail.com> wrote:

> To whom it may concern,
>
> I wanted to enquire a few security questions. Can flatpak sandboxiing do
> the following:
>
>    - Prevent apps from having access to the user name
>
>
No, the user name is visible to all apps.


>
>    - Taking screenshots without the consent of the user
>
>
This works only if the user is using Wayland, not X11.


>
>    - Having Internet access
>
>
Yes, sandboxes can either have no, or full network access.


>
>    - Limiting which applications can have access to which directories
>
>
Yes.


> I have further questions about flatpak which are:
>
>    - When I install an application through flatpak, does it automatically
>    get sanboxed?
>
>
All apps are sandboxed to some degree, but the details differ from app to
app. The application requests a list of permission during install, and once
installed those are granted by default. The user can chose to override
these, but generally that means the app is likely to not work (because it
needed that permission).


>
>    - Does Sandboxing applications slow it down, if so by how much?
>
>
In theory there is some slowdown as there are additional kernel-side
checks, but its basically negligible.


>
>    - If I have installed an application NOT from flatpak, then is it
>    still possible to sandbox that application through flatpak?
>
> No.


>
>    - What is *flathub*?
>
>
Flathub is a central location for many apps packaged as flatpaks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/flatpak/attachments/20180806/c4854727/attachment.html>


More information about the Flatpak mailing list