--share=network permission

Matthias Clasen mclasen at redhat.com
Thu Sep 5 14:46:00 UTC 2019


On Wed, Sep 4, 2019 at 4:45 AM Alexander Larsson <alexl at redhat.com> wrote:

> On Tue, Sep 3, 2019 at 9:28 PM Winnie Poon <winniepoon_home at hotmail.com>
> wrote:
> >
> > Hi,
> >
> > I'm working on running our product in the flatpak sandbox environment,
> > and we had to punch a few holes, one being "--share=network" for it to work.
> >
> > Wanna see how others do it.  It seems like this network hole is a big
> > hole to punch.  By relaxing this permission, would it defeat the purpose of
> > a sandbox environment?  Is there a better way than this blanket access?
>
> I think a majority of apps these days use some form of network access.
> It's definitely not something that e.g. Android or iPhone warn you
> about when installing an app. So, I think in general this is fine.
>
> However, it would be nice if we had a way to grant less than "full"
> network access. For example a NATed/firewalled mode where incoming
> accesses would be disallowed. However, at this point that is
> technically hard to do as an unprivileged user with the current kernel
> APIs.
>

There have been some suggestions that this could be done as a portal that
talks to NetworkManager to set up some tunnel. Do you think that is
something we should pursue?