this post was submitted on 03 Mar 2024
30 points (94.1% liked)
Linux Gaming
15520 readers
297 users here now
Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME
away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.
This page can be subscribed to via RSS.
Original /r/linux_gaming pengwing by uoou.
Resources
WWW:
Discord:
IRC:
Matrix:
Telegram:
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Makes sense, I was wondering how that worked when I saw some of those in my list. Is that another layer to the flatpak, like a Docker layer or are Flatpaks allowed out of their sandboxes to talk to other Flatpaks?
A flatpak can name extensions that are mounted into the running container if they're installed.
Be careful when thinking of flatpaks as sandboxes. What they confine is (by default) up to the maintainer of each flatpak, and most of the ones I have audited are very permissive.
You can mitigate this somewhat by editing the permissions of each flatpak before running it for the first time, with the command line or a GUI like flatseal. But that only goes so far, since some of the permissions are not fine-grained enough to provide meaningful sandboxing while still allowing games to run. (For example, shared memory and network access.) You might also consider creating a second linux account just for games, and logging in to that account's desktop when installing or running them.
A Flatpak container is better than nothing, and will probably keep you safe from most programming mistakes, but I wouldn't consider it a security/privacy sandbox by any means. If you want that, a hypervisor-based virtual machine would be better.