undefined | Better HN

0 pointsqwerty4561275y ago0 comments

> Are these features lacking?

I mean they are lacking if we don't use Flatpack or an alternative so we have to either use it or invent something better.

> Seriously though, I am not sure how most of Gimp, VSCodium, PyCharm, Octave, Inkscape, Audacity or VLC will be useful to me or anybody else without host fs access.

I don't need any of these to access anything outside a specific directory (or a small selection of such, but I don't need them to access the full home dir, let alone the full root fs, even for reading). Hopefully flatseal can do this.

0 comments

5 comments · 2 top-level

cheph5y ago· 3 in thread

> Are these features lacking?

Well, as I said I see them in flatseal so either flatseal is misleading or the features are there, and I have no reason to think flatseal is trying to deceive me so I assume they are there.

> I don't need any of these to access anything outside a specific directory (or a small selection of such, but I don't need them to access the full home dir, let alone the full root fs, even for reading).

Fire up flatseal and change the permissions to what you want it. I'm sure you can also petition for xdg-code directory or something and then keep all your code there and request the packages be changed to default only work under there but I suspect most people would not be so happy with this.

I am not sure how you expect the package maintainers to know where exactly on your FS you keep your code, I also don't keep mine in my home directory.

And maybe a blacklist would make sense, but if all that is needed is a blacklist then I would harldy say that flatpak failed because it is not really that difficult to fix that deficiency.

EDIT: Actually blacklisting is supported, see --nofilesystem in https://docs.flatpak.org/en/latest/flatpak-command-reference...

So really everything is there, maybe everything is not available in a nice neat UI, maybe the UX is not what it should be, but the core underlying system is not "lacking" these capabilities AFAICT.

qwerty456127OP5y ago

You've misinterpreted me. I don't say Flatpack is failed because it is "lacking" these capabilities. Quite the contrary. I mean we need Flatpack or something alike because that's what they offer. BUT Flatpack and Snap (and some other alike, I can't remember, there were 2 more) seem failed because everybody around seem hating them. There are just so many negative comments around. Therefore we probably need something like Flatpack but way better so people wouldn't be dissatisfied.

srtjstjsj5y ago

If you must open flatseal config, it's a bad system. What should happen is that everything should be forbidden by default, and attempts to access files or dirs are individually approved (if the file is opened interactively, it's naturally part of a trusted system file picker that approves the access and gives the filename to the app when you click the selection button), and you can make large config edits if you want to.

cheph5y ago

Seems like a pretty good idea, and it would be a nice if someone added this functionality to flatpak. I am still happy that flatpak is there because it is better than nothing and for most apps I use it with the permissions is exactly as I expect them to be.

johnisgood5y ago

> I don't need any of these to access anything outside a specific directory

What's wrong with firejail?

j / k navigate · click thread line to collapse

0 comments

5 comments · 2 top-level

cheph5y ago· 3 in thread

> Are these features lacking?

Well, as I said I see them in flatseal so either flatseal is misleading or the features are there, and I have no reason to think flatseal is trying to deceive me so I assume they are there.

I am not sure how you expect the package maintainers to know where exactly on your FS you keep your code, I also don't keep mine in my home directory.

And maybe a blacklist would make sense, but if all that is needed is a blacklist then I would harldy say that flatpak failed because it is not really that difficult to fix that deficiency.

EDIT: Actually blacklisting is supported, see --nofilesystem in https://docs.flatpak.org/en/latest/flatpak-command-reference...

So really everything is there, maybe everything is not available in a nice neat UI, maybe the UX is not what it should be, but the core underlying system is not "lacking" these capabilities AFAICT.

qwerty456127OP5y ago

srtjstjsj5y ago

cheph5y ago

johnisgood5y ago

> I don't need any of these to access anything outside a specific directory

What's wrong with firejail?

j / k navigate · click thread line to collapse