|
|
Subscribe / Log in / New account

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 18, 2025 9:40 UTC (Tue) by intelfx (subscriber, #130118)
In reply to: flatpacks falling flat, packing bugs, snaps snapping resources, both suck by mbunkus
Parent article: Fedora discusses Flatpak priorities

Are you sure the flaw is *fundamental*?

If you think that what Flatpak does is "a way to sandbox, just not a really comprehensive or good one", then *what exactly* would be a comprehensive or a good one instead?

to post comments

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 18, 2025 9:58 UTC (Tue) by mbunkus (subscriber, #87248) [Link] (1 responses)

I haven't thought about how file access might be sandboxed better because I'm not interested in designing such systems. I'm simply observing & reacting to how it affects me as an application developer. To me it seems that the sandboxes targeting the Linux desktop use the "require user interaction for each file accessed" model. This has two problems that I can see right from the start:

1. The "files referencing other files" issue I've already mentioned
2. Making it much harder for cli-only applications as they usually don't use GUI libraries such as Qt, meaning there's no easy way to shove portal-like functionality in there without having to adjust your code — but I may be wrong here; I simply have never seen it (Flatpak is very much tailored towards GUI applications; as a matter of fact you cannot package cli-only applications as Flatpaks properly)

There are two other sandboxing systems out there that I know about tangentially: Android & systemd. I know little about Andoid, but what little I know seems to be a two-part system: an application always has access to its own private piece of land within the file system that no other application has access to, and you can grant it access to the rest of the non-system parts of the file system via Android's permission system. It's not as fine-granular as Flatpak's system but requires much less interaction. It benefits from the fact that Android itself has a rigid design that it can impose on all applications, unlike generic Linux systems where users can store files anywhere, really.

systemd's sandboxing system is quite fine granular as you can set up certain paths to be read-only, others to be read/write, restrict capabilities etc. However, this setup is required before the program is started, meaning the admin has to know in advance which parts of the file system will be accessed in which way. This works fine for well-known daemons; it doesn't work so well for applications dealing with general user data such as LibreOffice or my own applications. In my case users often have stuff in their home, or on mounted network shares, on in places such as /data on different partitions etc. etc.

Again, I have no solutions here. This is a hard problem. Maybe there isn't a good one-model-fits-all solution at all, though I hesitate to say that as I certainly lack the knowledge in the area of sandboxing techniques to make such an assertions.

Maybe I'm just a bit annoyed with statements such as "<sandboxing technique> apps are more secure as they limit what the application can access". Yeah, it's partially true, and I'm probably just an annoying nitpicker.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 18, 2025 10:18 UTC (Tue) by intelfx (subscriber, #130118) [Link]

> I know little about Andoid, but what little I know seems to be a two-part system: an application always has access to its own private piece of land within the file system that no other application has access to <...>

> systemd's sandboxing system is quite fine granular as you can set up certain paths to be read-only, others to be read/write, restrict capabilities etc. However, this setup is required before the program is started

Flatpaks also have their own internal store that they can access freely without any permissions. They also have an option to statically require RO or RW access to specific parts of the host filesystem (like systemd daemons).

> <...> and you can grant it access to the rest of the non-system parts of the file system via Android's permission system

Like you said, in Android's case, this likely only works because *almost all* storage is compartmentalized. So "non-system parts of the file system" is basically "free-form user files". There's no way for an app to abuse this grant to access system files or, importantly, other apps' files.

On Linux, this is not an option — direct filesystem access (even limited to non-system files) is a much broader brush. Except, maybe, if you filter all the dotfiles via some kind of security layer (and even then, you'll eventually get stuck with either false-positives or false-negatives).

Perhaps what's missing is just an ability for an app to request access to the containing directory along the user-picked file, or request access to a precomputed path. Does not sound like a *fundamental* problem to me — has anyone tried asking the XDG guys to add this to the relevant portal spec?

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 18, 2025 9:58 UTC (Tue) by Wol (subscriber, #4433) [Link] (11 responses)

> Are you sure the flaw is *fundamental*?

If by "fundamental" you mean "a real pain in the proverbial for the user", then I think it is. Unless you comprehensively think through all use-case scenarios (which imnsho most developers are cognitively incapable of doing) you are going to have quite a horde of users complaining "my use case is broken".

For example, something I do, for very simple and good reasons, is have a humungous load of hard links all over my system. Less so now, but my wife and I took loads of photos (my camera tells me it can only store 1100 photos on the 100GB of flash cards in it ...) so they were all stored in a central area, owned by root (to prevent accidental damage), and linked everywhere they were required. Niche usage, sure, but most apps don't have a clue about that sort of setup. And there'll be plenty of other niche cases out there ...

Cheers,
Wol

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 18, 2025 10:06 UTC (Tue) by intelfx (subscriber, #130118) [Link] (10 responses)

No, by *fundamental* I mean "essential to how Flatpak operates", "unfixable".

It might be an important problem, but I'm almost certain it's not a fundamental one.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 19, 2025 6:26 UTC (Wed) by andrejp (guest, #47396) [Link] (9 responses)

Actually, it is. Both. See my original message.

It's akin to scratching your ass if your arm itches. It might feel good, but won't actually do anything about the itch. Alas the "Lennarts" of the world insist that "this isn't the itch you're looking for" (waving hand) and would instead provide users with a fat sticker to put over the arm, claiming that that will somehow fix or prevent any and all itches. Which in theory sounds fine until the arm starts to itch anyway. For which Lennarts provide more, bigger and fatter stickers, along with a stick as a "free" bonus (so don't complain, 'coz it's free) so you can scratch your ass more conveniently.

Check the internet. Or at least LWN. Seems like a whole lot of people with itches they can't scratch, 'coz Lennart and his one-fix-for-all stickers.

The solution ofc is to uninstall Lennart, along with packs that fall flat, snaps that mostly snap the system's resources, and systemT (T as in "trash"). Then the itch can be scratched by the user in the proper place. And if you want to feel good too, you can also scratch your ass, even if it doesn't itch. All without Lennart's "free" sticks and stickers.

It's pretty simple actually. A system-wide MAC can do it. It's helpful if a systems integrator ("distro") - and /not/ the 3rd party that provides the app - provides the default MAC sandbox for the app(s), but not strictly required. Then the *user* can add the required permissions/exceptions for *his* use case. All "in the system" (and not "in the app package"). No Lennart required.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 19, 2025 6:42 UTC (Wed) by zdzichu (subscriber, #17118) [Link] (6 responses)

Such an elaborate comment, ruined by hate speech and personal attacks. Don't do it again, please keep the discussion civil.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 19, 2025 9:42 UTC (Wed) by andrejp (guest, #47396) [Link] (5 responses)

If you're seeing "hate speech", you should probably check the dictionary on what that actually means.

That I loathe Lennart's "solutions" that much is obvious. Hardly "hate speech" though, unless you define "hate speech" as "you disagree with my solutions" == "you hate me".

Or perhaps you equate my using "Lennarts of the world" with "hating Lennart"? Well I don't "hate Lennart", but I do use the idiom a bit akin to "Karens of the world". Perhaps it's not "fair" to Lennart, so let me give an example.

Suppose someone was to park a proverbial truck in your living room as a "solution". Would that make you happy? No? What if that someone then told you that the truck solves *his* problem superbly and that if you don't like the truck, that is *your* problem, so *you* should "work around" the truck (ie. "WONTFIX")? No? You'd still protest? Darn. I'm sure though that if the proverbial truck displayed a big red sign in the windshield that said "truck tainted 'coz living room too small", that would definitely make you love the truck. Fo' sure. Or else you're just a "hater" lol. Especially if you suggested in no uncertain terms to remove the fscking truck - that would no doubt be a big, "uncivilized" no-no.

Right?

So perhaps you can understand what I mean by "Lennarts of the world": the types that park proverbial trucks in other peoples' living rooms and expect other people to "work around" the truck while at the same time waving off and labeling any criticisms or objections or suggestions to remove the truck as "hate speech" and "personal attacks". It *is* just a truck, right? And it's not even that big - it didn't even fill the *whole* room, you can still walk around it, and it comes with a built-in kitchen sink too! You've just saved space in the kitchen! And best of all, "it's free"! So why so much "hate"?

Or, perhaps you just disagree with me seeing LP as a "Lennart" per example above.

Well okay, that's perfectly fine. I'm sure a number of other readers would possibly - even probably - agree with my own view. YMMV.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 19, 2025 9:58 UTC (Wed) by andrejp (guest, #47396) [Link] (4 responses)

And just to make this perfectly clear: I don't view *everything* by LP as bad. Some of it is actually pretty good. The bad tho is like the proverbial truck given in the example. And with no means of separating the truck from the bundled kitchen sink while at the same time making the truck a hard dependency of the living room, can you really blame me for wanting to remove the whole effin' truck? Or for not wanting that "someone" to park more trucks in other rooms?

I mean... "GRUB tries to do too much, and most of those things are a mistake, he said."
No, wait, that wasn't my comment. Hm.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 19, 2025 13:07 UTC (Wed) by daroc (editor, #160859) [Link] (3 responses)

Regardless of the precise terms they used, zdzichu is completely correct. We require comments here to be polite, and to avoid personal attacks. Saying that you dislike systemd is perfectly fine. Explaining your technical problems with it is welcome. Being rude about it and personally insulting Lennart isn't.

Please stop this thread of conversion here, and be less vitriolic in your future comments.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 21, 2025 14:52 UTC (Fri) by andrejp (guest, #47396) [Link] (2 responses)

Funny how even after it has been thoroughly explained what this is and what this is not, you still found it in you the need to point out how you agree with the labeling. That is actually far more "rude" than anything I've said - you're lecturing me on how comments should be polite and to avoid personal attacks and that rudeness has no place in the comment section, while at the same time completely ignoring everything I've said and just reapplying the labels, even adding more ("vitriolic").

I don't think you see how rude and personally insulting *that* is.

But then again, it's part of the same reason why Lennart has been getting all that flak: snubbing and hand-waving off anyone that happens to not quite fit into the crowd of cheerleaders, or even outright disagrees with the crap that's being pushed on users.

I understand - you don't like words like ass, shit, crap, fuck and so on and so forth. But gee, see what happens if I first snub and hand-wave you off (like I just did - deliberately, not to offend or incite you, but in order to demonstrate a point), then label you with some juicy and colorful labels ("you're 'hating me'", "your comment is full of 'vitriol'", "I find your comment to be 'personally insulting'"). First you're going to "warn" me "politely" (check). That failing, you're going to use "stronger" words ("hate speech", check). That failing, you're going to propose "uninstalling" this uid, 'coz "he's parking 'trucks' (ass, shit, fuck, crap) into the 'living room' (this comment section)" (pending, probably being considered). That still not having the desired effect (new uid), your next step is probably going to be to suggest "uninstalling" the IP this comment has come from. Then probably "uninstalling" by "legal action". And so on.

In other words, you'll want "the *whole* 'truck' out of your fscking 'living room'".

To which my response to you is, again deliberately, in order to demonstrate the point: "please stop with the hate speech", "please stop personally insulting me" and "be less vitriolic in your future comments".

Stop now

Posted Mar 21, 2025 15:14 UTC (Fri) by jzb (editor, #7867) [Link]

OK. Time to end this thread. To be very clear—the comment section is not the place for people to snipe at one another. It's quite OK to have disagreements on topics, but nobody needs or wants to read two or more commenters just arguing with each other. Stop here.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 21, 2025 15:15 UTC (Fri) by andrejp (guest, #47396) [Link]

In other words, you're saying "your communication is not welcome here" and "please remove the truck from my living room".

I understand. I apologize for the inconvenience.
Hm. No that's the wrong quote.
So long, and thanks for all the fish?
Lol.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 19, 2025 7:01 UTC (Wed) by intelfx (subscriber, #130118) [Link] (1 responses)

I see lots of text here, but unfortunately all of it is starkly content-free. Please try again.

flatpacks falling flat, packing bugs, snaps snapping resources, both suck

Posted Mar 19, 2025 9:43 UTC (Wed) by andrejp (guest, #47396) [Link]

Which part did you find to be "content-free"? The problem? The "solutions"? Or the solution? I addressed all three.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds