permission override - does it defeat the purpose of sandboxing?

Emmanuele Bassi ebassi at gmail.com
Mon Mar 2 11:07:57 UTC 2020


On Fri, 28 Feb 2020 at 20:33, Winnie Poon <winniepoon_home at hotmail.com>
wrote:

> Hi all,
>
> I must be missing something so please help to clear my confusion.
>
> What's the point of packaging an app as flatpak app with restricted
> permissions, when users can easily open up any permissions by doing:
>
> flatpak run --filesystem=host  ....
>
> or use override to permanently override an app's permissions.
>
>
That's the *user's prerogative*. In other words: the user must consent to
opening up the sandbox on their own system, for a specific application.

Additionally, the override isn't really permanent, and can be revoked at
any time by the user themselves.


> So we package an app in a nice bubble wrap, give it to user and user can
> remove the whole bubble wrap?  or can the user?
>
>
No, the application will still run in a separate user namespace and a
file system sandbox for its own run time, but the rules for accessing
resources—like user files, network interfaces, or IPC methods—can be
relaxed at the user's request.


> For snap, seems like they have something called a "developer mode", does
> flatpak have something like that so a "regular" user cannot easily override
> the permissions?
>

That's really not what Snap's "developer mode" is…

> --------------------------
> Developer mode
> Sometimes it is helpful when developing a snap to not have to worry about the security sandbox in order to
> focus on developing the snap. To support this, snappy allows installing the snap in developer mode
> which puts the security policy in complain mode (where violations against security policy are logged,
> but permitted).
> For example: sudo snap install --devmode <snap>
>
> -------------------------------------------
>
>
If the restrictions are lifted and replaced with a logged version, then the
sandbox is, effectively, removed. Additionally, Snap's sandbox is different
from Flatpak's, being based on a Linux kernel security module that
restricts access to the kernel's interfaces.

In any case, it would be more helpful if you explained to us what you are
trying to achieve. Why are you worried about users lifting the sandbox
restrictions on their own systems?

Ciao,
 Emmanuele.

-- 
https://www.bassi.io
[@] ebassi [@gmail.com]
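Added example, not part of this thread or of the Flatpak project: the reply above notes that an override is inspectable and revocable by the user (`flatpak override --user --show <app-id>` prints it, `flatpak override --user --reset <app-id>` removes it). The script below audits the keyfile text that `flatpak override` writes (assumed to live under `~/.local/share/flatpak/overrides/<app-id>` for per-user overrides and `/var/lib/flatpak/overrides/` for system ones) and flags the relaxations that effectively undo most of the sandbox. The `BROAD_GRANTS` classification is the auditor's own risk view, not a rule defined by flatpak, and the sample override text is constructed.

```python
"""Audit a Flatpak override file for broad relaxations of an app's sandbox."""
import re
import sys

# Constructed sample in the keyfile format that `flatpak override` writes
# (a '!' prefix denies an entry, so this grants host access but denies Downloads).
SAMPLE_OVERRIDE = """\
[Context]
filesystems=host;!xdg-download;
sockets=session-bus;
shared=network;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

# Assumption: these values are the ones a reviewer would treat as "sandbox
# effectively removed"; flatpak itself does not rank permissions this way.
BROAD_GRANTS = {
    "filesystems": {"host", "host-os", "host-etc", "home"},
    "sockets": {"session-bus", "system-bus", "x11"},
    "devices": {"all"},
    "shared": {"network"},
}
# Bus names whose "talk"/"own" policy lets the app drive flatpak machinery
# outside its own sandbox.
BROAD_BUS_NAMES = {"org.freedesktop.Flatpak"}


def parse_keyfile(text):
    """Minimal parser for the GKeyFile-style format: {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def split_list(value):
    """Split a ';'-separated keyfile list, dropping the trailing empty element."""
    return [v for v in value.split(";") if v]


def audit_override(text):
    """Return (grants, denials).

    grants  - (key, entry) pairs that broadly relax the sandbox
    denials - (key, entry) pairs the user explicitly removed with a '!' prefix
    """
    sections = parse_keyfile(text)
    grants, denials = [], []
    for key, value in sections.get("Context", {}).items():
        for item in split_list(value):
            if item.startswith("!"):
                denials.append((key, item[1:]))
                continue
            # filesystem entries may carry a suffix such as ":ro"; compare the base.
            base = item.split(":", 1)[0]
            if base in BROAD_GRANTS.get(key, set()):
                grants.append((key, item))
    for name, policy in sections.get("Session Bus Policy", {}).items():
        if policy in ("talk", "own") and name in BROAD_BUS_NAMES:
            grants.append(("session-bus", f"{name}={policy}"))
    return grants, denials


def main(argv):
    # Read a real override file if a path is given, otherwise use the sample.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_OVERRIDE
    grants, denials = audit_override(text)
    for key, entry in grants:
        print(f"BROAD GRANT  {key}: {entry}")
    for key, entry in denials:
        print(f"denied       {key}: {entry}")
    if grants:
        print("Sandbox is substantially relaxed; revert with: "
              "flatpak override --user --reset <app-id>")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no arguments to audit the constructed sample, or pass the path of an override file to check a real one.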