Is it possible to install and use Flatpak as a non-root user?
Parke
parke.nexus at gmail.com
Mon Feb 3 00:12:26 UTC 2020
> On Sat, Feb 1, 2020 at 7:29 PM Parke <parke.nexus at gmail.com> wrote:
> > Summary: I have not yet found a way to install and run Flatpak
> > packages as a non-root user.
On Sun, Feb 2, 2020 at 7:54 AM Dan Nicholson <nicholson at endlessm.com> wrote:
> This is not accurate. Flatpak works fine as an unprivileged user.
My previous emails describe the errors I encountered trying to install
Flatpak (from source) as a non-root user.
I recognize that I may be using Flatpak in a way other than it was
intended. (I am unwilling to give third-party package managers root
access to my machines.)
> You can install and run flatpaks just fine from a user
> installation.
I have not yet succeeded in doing this.
> What you're doing, though, is not equivalent to simply "non-root user"
> since you're calling unshare(). You're trying to run in a sandbox, and
> flatpak also uses a sandbox via bubblewrap.
I started trying to run Flatpak in a Linux user namespace after I was
unable to install and (successfully) run Flatpak as a non-root user.
> If I had to guess, your
> outer sandboxing is interfering with the sandboxing that bubblewrap
> sets up. Another thing I've run into in the past when trying to use
> flatpak in an alternate root via chroot is that bubblewrap uses
> pivot_root(), and that doesn't work correctly when you're in a root
> entered into with chroot() -
> https://github.com/containers/bubblewrap/issues/135. And that was just
> for installing flatpaks, not for running them.
lxroot calls pivot_root() first, and then chroot().
https://github.com/parke/lxroot/blob/master/lxroot.c#L269
lxroot can nest namespaces inside of other namespaces. I am aware
that other namespace/container tools have problems with this. I
believe the Linux kernel imposes a maximum limit on the depth of
namespace nesting that can occur, but nesting (up to that limit) is
possible.
> The expected configuration is that flatpak is a host tool. Just like
> you wouldn't install docker inside a container and then run containers
> out of that.
Oh, I might nest levels of virtualization. After all, I wrote lxroot
to get exactly that nesting capability. (Void Linux's xbps build
system did not support such nesting.) I seem to remember that calling
first pivot_root() and then chroot("/") was the "trick" that allowed
me to achieve nesting.
> I'm sure it can be made to work, but I don't think it's a
> well supported configuration.
If someone has built, installed and used Flatpak as a non-root user,
I'd be happy to hear that.
Thus far my attempts have not succeeded (as documented in my previous emails).
Thank you for your assistance!
Cheers,
Parke