<div dir="auto">You're right, I was forgetting the unprivileged nature of the sandbox.</div> <div class="gmail_quote"><div dir="ltr">On Thu, Mar 22, 2018, 6:36 AM Alexander Larsson <<a href="mailto:alexl@redhat.com">alexl@redhat.com</a>> wrote: </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I don't think that is (or should be) possible. If the sysadmin made a mount noexec, then a non-privileged app like flatpak/bubblewrap should not be able to undo that. I mean, if "noexec" is essentially optional, what use is it? On Wed, Mar 21, 2018 at 9:10 PM, Nicholas Bishop <<a href="mailto:nicholasbishop@gmail.com" target="_blank" rel="noreferrer">nicholasbishop@gmail.com</a>> wrote: > Hi, > > I ran into an issue with the Steam application. It wants to install an > executable into the home partition. I am testing on a system with home > mounted as noexec, and it seems that gets propagated to the sandboxed home > mount when running the flatpak. > > I think I can work around this by bind mounting ~/.var and remounting it > with the exec flag, but I was wondering if there's a way to fix this in > flatpak itself. > > -Nicholas > > _______________________________________________ > Flatpak mailing list > <a href="mailto:Flatpak@lists.freedesktop.org" target="_blank" rel="noreferrer">Flatpak@lists.freedesktop.org</a> > <a href="https://lists.freedesktop.org/mailman/listinfo/flatpak" rel="noreferrer noreferrer" target="_blank">https://lists.freedesktop.org/mailman/listinfo/flatpak</a> > -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Alexander Larsson Red Hat, Inc <a href="mailto:alexl@redhat.com" target="_blank" rel="noreferrer">alexl@redhat.com</a> <a href="mailto:alexander.larsson@gmail.com" target="_blank" rel="noreferrer">alexander.larsson@gmail.com</a> </blockquote></div>