reading /etc/crypto-policies from host

smitna at gmail.com
Wed Nov 25 04:41:28 UTC 2020


Fedora 33 ships with tooling that enables central control of policy for
various crypto libs:

* https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
* crypto-policies(7)

It writes configuration for supported crypto libs (openssl, gnutls,
etc.) in /etc, and I'd like my installed flatpaks to honor that
configuration but this seems impossible.  For example, a filesystem
override is not effective; quoting flatpak-metadata(5):

  host-etc
       The host operating system's configuration from /etc.

       To avoid conflicting with the Flatpak runtime, this is mounted
       in the sandbox at /run/host/etc.

Is there a feature available in flatpak to address this?  The option
"--add-policy=SUBSYSTEM.KEY=VALUE" from flatpak-run(1) might be relevant
here but I'm not certain.
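
A check that can be run inside the sandbox once `host-etc` is granted, comparing the host policy under /run/host/etc/crypto-policies with whatever the runtime carries under /etc/crypto-policies. This is an added example, not part of the original message or of Flatpak; the function names are hypothetical, and it assumes the crypto-policies(7) layout of a `config` file plus `back-ends/*.config` entries.

```shell
#!/bin/sh
# Added example: detect crypto-policy drift between the host's /etc
# (visible in the sandbox at /run/host/etc) and the sandbox's own /etc.
# Function names are hypothetical.

# policy_name DIR: print the policy named in DIR/config
# (first line that is not blank or a comment). Fails if unreadable.
policy_name() {
    [ -r "$1/config" ] || return 1
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1/config" | head -n 1 | tr -d '[:space:]'
}

# compare_policies HOST_DIR SANDBOX_DIR
# Prints one line per finding. Returns 0 when the trees agree,
# 1 on drift (or when a host back-end cannot be read), 2 when the
# host policy is not visible at all.
compare_policies() {
    host=$1; box=$2; rc=0
    hp=$(policy_name "$host") || { echo "host policy not visible at $host"; return 2; }
    bp=$(policy_name "$box") || bp="(none)"
    if [ "$hp" != "$bp" ]; then
        echo "policy: host=$hp sandbox=$bp"; rc=1
    fi
    for f in "$host"/back-ends/*.config; do
        name=${f##*/}
        if [ ! -e "$f" ]; then
            # A symlink whose target does not exist in this mount
            # namespace cannot be compared; report it instead of
            # silently skipping it. An unmatched glob falls through.
            if [ -L "$f" ]; then
                echo "$name: host link target not readable here"; rc=1
            fi
            continue
        fi
        if ! cmp -s "$f" "$box/back-ends/$name" 2>/dev/null; then
            echo "$name: differs or missing in sandbox"; rc=1
        fi
    done
    return $rc
}

# Inside the sandbox this would be invoked as:
#   script /run/host/etc/crypto-policies /etc/crypto-policies
if [ "$#" -eq 2 ]; then
    compare_policies "$1" "$2"
fi
```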


