Sandbox rw mounts: newbie question

Andrey Butirsky butirsky at gmail.com
Sun Nov 11 01:20:23 UTC 2018


Hello,
From the Flatpak wiki https://github.com/flatpak/flatpak/wiki/Sandbox:
in the sandbox, "all mounts are read-only, except" a few.

But I see a lot of rw mounts in my apps' sandboxes. Moreover, they seem
shared between the apps, so apparently one app can write to
/etc/profile.d/ and break things for others.

Please help me understand:

tmpfs on / type tmpfs (rw,nosuid,nodev,relatime,uid=1001,gid=1001)
tmpfs on /run/flatpak/ld.so.conf.d/runtime-001-org.freedesktop.Platform.html5-codecs.conf type tmpfs (rw,nosuid,nodev,relatime,uid=1001,gid=1001)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
tmpfs on /etc/passwd type tmpfs (rw,nosuid,nodev,relatime,uid=1001,gid=1001)
tmpfs on /etc/group type tmpfs (rw,nosuid,nodev,relatime,uid=1001,gid=1001)
tmpfs on /etc/pkcs11/pkcs11.conf type tmpfs (rw,nosuid,nodev,relatime,uid=1001,gid=1001)
/dev/sdb1 on /etc/geoclue type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/issue type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/ssl type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/gtk-3.0 type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/security type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/netconfig type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/vdpau_wrapper.cfg type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/services type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/protocols type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/mke2fs.conf type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/drirc type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/xdg type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/dbus-1 type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/environment type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/rpc type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/bindresvport.blacklist type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/fonts type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/ld.so.cache type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/issue.net type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/ca-certificates.conf type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/xattr.conf type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/pulse type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/nsswitch.conf type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /etc/profile.d type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /var/cache type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /var/data type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /var/config type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /var/tmp type ext4 (rw,nosuid,nodev,relatime,data=ordered)
tmpfs on /etc/ld.so.conf type tmpfs (rw,nosuid,nodev,relatime,uid=1001,gid=1001)
tmpfs on /dev type tmpfs (rw,nosuid,nodev,relatime,mode=755,uid=1001,gid=1001)
devtmpfs on /dev/null type devtmpfs (rw,nosuid,relatime,size=8192k,nr_inodes=884067,mode=755)
devtmpfs on /dev/zero type devtmpfs (rw,nosuid,relatime,size=8192k,nr_inodes=884067,mode=755)
devtmpfs on /dev/full type devtmpfs (rw,nosuid,relatime,size=8192k,nr_inodes=884067,mode=755)
devtmpfs on /dev/random type devtmpfs (rw,nosuid,relatime,size=8192k,nr_inodes=884067,mode=755)
devtmpfs on /dev/urandom type devtmpfs (rw,nosuid,relatime,size=8192k,nr_inodes=884067,mode=755)
devtmpfs on /dev/tty type devtmpfs (rw,nosuid,relatime,size=8192k,nr_inodes=884067,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=620,ptmxmode=666)
devpts on /dev/console type devpts (rw,nosuid,relatime,gid=5,mode=620,ptmxmode=000)
/dev/sdb1 on /run/user/1001/app/org.flatpak.Hello type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /home/bam/.var/app/org.flatpak.Hello type ext4 (rw,nosuid,nodev,relatime,data=ordered)
tmpfs on /tmp/.X11-unix type tmpfs (rw,nosuid,nodev,relatime,mode=755,uid=1001,gid=1001)
/dev/sdb1 on /run/user/1001/bus type ext4 (rw,nosuid,nodev,relatime,data=ordered)
/dev/sdb1 on /run/user/1001/at-spi-bus type ext4 (rw,nosuid,nodev,relatime,data=ordered)
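As an added example (not from the post or from the Flatpak project), a small Python helper that parses mount(8) output of the kind pasted above, rejoins entries a mail client wrapped across lines, groups the rw-flagged mount points by their backing source, and offers a non-destructive writability probe to run inside the sandbox, so the displayed flags can be checked against what the app can actually do. The embedded sample reproduces a few entries from the listing as they arrive in mail; the probe path is whatever the caller passes in.

```python
import os
import re
from collections import defaultdict

# Entries copied from the mount(8) listing in the post, some wrapped across lines by the mailer.
SAMPLE = """\
tmpfs on / type tmpfs (rw,nosuid,nodev,relatime,uid=1001,gid=1001)
tmpfs on
/run/flatpak/ld.so.conf.d/runtime-001-org.freedesktop.Platform.html5-codecs.conf
type tmpfs (rw,nosuid,nodev,relatime,uid=1001,gid=1001)
/dev/sdb1 on /etc/profile.d type ext4
(rw,nosuid,nodev,relatime,data=ordered)
devpts on /dev/pts type devpts
(rw,nosuid,noexec,relatime,mode=620,ptmxmode=666)
"""

# mount(8) format: <source> on <target> type <fstype> (<opt>,<opt>,...)
ENTRY = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")

def unwrap(text):
    """Rejoin wrapped entries: a new entry is any line that starts with '<source> on'."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if re.match(r"^\S+ on( |$)", line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def parse_mounts(text):
    """Return one dict per entry with src, target, fstype and the option set."""
    mounts = []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if m is None:
            raise ValueError("unparseable mount entry: %r" % entry)
        src, target, fstype, opts = m.groups()
        mounts.append({"src": src, "target": target, "fstype": fstype, "opts": frozenset(opts.split(","))})
    return mounts

def rw_by_source(mounts):
    """Group rw-flagged targets by backing source (shared host device vs private tmpfs)."""
    groups = defaultdict(list)
    for m in mounts:
        if "rw" in m["opts"]:
            groups[m["src"]].append(m["target"])
    return dict(groups)

def probe_writable(path):
    """Non-destructive: access(2) W_OK is False on a read-only mount (EROFS) or permission denial."""
    return os.access(path, os.W_OK)
```

Run it inside the sandbox (for example via `flatpak run --command=sh <app-id>`) and pass the grouped targets to probe_writable to see which of the rw-flagged paths the app can really write to.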
