--share=network permission
Alexander Larsson
alexl at redhat.com
Wed Sep 4 08:45:08 UTC 2019
On Tue, Sep 3, 2019 at 9:28 PM Winnie Poon <winniepoon_home at hotmail.com> wrote:
>
> Hi,
>
> I'm working on running our product in the flatpak sandbox environment, and we had to punch a few holes, one being "--share=network" for it to work.
>
> Wanna see how others do it. It seems like this network hole is a big hole to punch. By relaxing this permission, would it defeat the purpose of a sandbox environment? Is there a better way than this blanket access?
I think a majority of apps these days use some form of network access.
It's definitely not something that e.g. Android or iPhone warn you
about when installing an app. So, I think in general this is fine.
However, it would be nice if we had a way to grant less than "full"
network access. For example a NATed/firewalled mode where incoming
accesses would be disallowed. However, at this point that is
technically hard to do as an unprivileged user with the current kernel
APIs.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl at redhat.com alexander.larsson at gmail.com