this post was submitted on 03 Mar 2024
30 points (94.1% liked)

Linux Gaming

15520 readers
297 users here now

Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.

This page can be subscribed to via RSS.

Original /r/linux_gaming pengwing by uoou.

Resources

WWW:

Discord:

IRC:

Matrix:

Telegram:

founded 2 years ago
MODERATORS
 

I was going to going to ask this question because Steam Flatpak was listed as last being updated May 2023, but they just updated it yesterday. That's still about 9 month between updates.

In general if I am on rolling release like OpenSuse Tumbleweed is my Steam package and Mesa drivers going to be more up to date then what the Steam Flatpak provides or are they updating the Flatpak and dependencies more frequently then the Discover app is suggesting?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 9 months ago* (last edited 9 months ago)

A flatpak can name extensions that are mounted into the running container if they're installed.

or are Flatpaks allowed out of their sandboxes

Be careful when thinking of flatpaks as sandboxes. What they confine is (by default) up to the maintainer of each flatpak, and most of the ones I have audited are very permissive.

You can mitigate this somewhat by editing the permissions of each flatpak before running it for the first time, with the command line or a GUI like flatseal. But that only goes so far, since some of the permissions are not fine-grained enough to provide meaningful sandboxing while still allowing games to run. (For example, shared memory and network access.) You might also consider creating a second linux account just for games, and logging in to that account's desktop when installing or running them.

A Flatpak container is better than nothing, and will probably keep you safe from most programming mistakes, but I wouldn't consider it a security/privacy sandbox by any means. If you want that, a hypervisor-based virtual machine would be better.