App has "Unsafe" rating on Flathub

My Flatpak is rated with a big red scary “Unsafe” flag, as it can allegedly “Read/Write all your data”. That is untrue, as it can’t touch the root directory, which is borne out by clicking for more information. “Software” states: “Home/Folder Read/Write access. Can read and write all data in your home directory.” - not root. It has “--filesystem=home”.
The app is scary to install because of the flag, but would be unusable without access to my home directory. Being able to write to my home directory seems perfectly reasonable to me. Wouldn’t a milder warning be more appropriate? I see that Gnome apps like “Files” are “Approved by your distribution” - so no scary flags; how is that achieved?

Accessing the home directory has a lot of damage potential, although I do sympathize that the rating seems to do more harm than good at this stage of Flatpak adoption.

Which app is it btw?


On a regular desktop Linux system, all of a user’s data is stored in their home directory. So “Read/Write all your data” is correct. Also, --filesystem=home basically gives an app the ability to break out of the sandbox. So IMHO a big scary warning about that is appropriate.

The vast majority of apps don’t really need --filesystem=home. Many use it because they haven’t been adapted to Flatpak’s sandbox yet (i.e. they don’t use portals). Does your app really need --filesystem=home? If so, why?

Also, that warning is generated by gnome-software, not by Flathub. So this here might not be the best place for your question.

a user’s data is stored in their home directory.

It rather depends on how you define data and how your disks are arranged.

IMHO a big scary warning about that is appropriate.

Well it is a matter of opinion - being warned about using my own hard disk seems like “elfin safety” to me.

The vast majority of apps don’t really need --filesystem=home. Many use it because they haven’t been adapted to Flatpak’s sandbox yet (i.e. they don’t use portals). Does your app really need --filesystem=home? If so, why?

I don’t think restricting the user to the sandbox itself would be usable, as I don’t think anyone would know how to get at the data even if it was permanent. Looking for information about portals I was directed to this: Sandbox Permissions Reference - Flatpak documentation, which I think suggests that portals are created by statements such as filesystem=home or xdg-pictures for example. The latter might be appropriate, but I have already been told that not being able to use USB sticks, for example, is an irritation. Restricting access to Pictures would still (theoretically) enable zapping all the data in that directory. In fact the app is only permitted to delete its own files one at a time (unless someone has a file with a name with the exact format that the app uses).

Thanks for your comments, but I’d prefer to trust people’s common sense to understand the warning and accept it - rather than irritate most people by restricting what they can do on their own computer.

that warning is generated by gnome-software, not by Flathub.

I didn’t realise that. If I want to pursue this the best approach would be a comment about the flag system on the Gnome forum.

These are only the static sandbox permissions. Equivalent to --filesystem=home, just specific to some folders.

Portals are D-Bus interfaces which grant access dynamically while the application is running (Desktop integration - Portals, Portal API Reference) and fully controlled by the user.

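The distinction the thread draws (a static --filesystem grant in finish-args versus a portal that asks the user at run time) is easy to check mechanically. The script below is an added example, not code from this thread, from Flatpak or from gnome-software: it parses the finish-args of a manifest and rates each filesystem grant the way the “Unsafe” flag does, treating home/host access as “can read (or read/write) all your data” and narrower xdg-* or path grants as moderate. The manifest, the app-id org.example.Notes and the rating names are constructed for the demo.

```python
"""Audit the static filesystem permissions in a Flatpak manifest's finish-args.

Added example; not part of the Flathub thread or of any Flatpak/gnome-software code.
It mirrors the classification gnome-software applies: a broad filesystem grant
(home, host, host-os, host-etc) is the "Read/Write all your data" case.
"""
import json

# Constructed sample manifest for the demo, not a real Flathub manifest.
SAMPLE_MANIFEST_JSON = json.dumps({
    "app-id": "org.example.Notes",
    "finish-args": [
        "--share=ipc",
        "--socket=wayland",
        "--filesystem=home",
        "--filesystem=xdg-pictures:ro",
        "--talk-name=org.freedesktop.Notifications",
    ],
})

# Grants that expose the whole home directory or the host. With write access the
# app can also edit files the host runs on login (~/.bashrc, ~/.config/autostart),
# which is why the thread calls --filesystem=home a way to break out of the sandbox.
BROAD_TARGETS = {"home", "host", "host-os", "host-etc"}
SEVERITY_ORDER = ["ok", "moderate", "unsafe"]


def parse_filesystem_arg(arg):
    """Split '--filesystem=TARGET[:MODE]' into (target, mode); None for other args."""
    prefix = "--filesystem="
    if not arg.startswith(prefix):
        return None
    target, _, mode = arg[len(prefix):].partition(":")
    return target, (mode or "rw")


def classify(target, mode):
    """Rate one static filesystem grant and suggest the narrower alternative."""
    if target in BROAD_TARGETS:
        verb = "read" if mode == "ro" else "read/write"
        return ("unsafe",
                f"can {verb} all data under {target}",
                "use the FileChooser portal, or a single xdg-* directory if unavoidable")
    if mode == "ro":
        return ("ok", f"read-only access to {target}", None)
    return ("moderate",
            f"read/write access to {target}",
            "prefer read-only (:ro) or a portal for the files the user picks")


def audit_finish_args(finish_args):
    """Return the overall rating plus one finding per filesystem grant."""
    findings = []
    for arg in finish_args:
        parsed = parse_filesystem_arg(arg)
        if parsed is None:
            continue  # sockets, D-Bus names etc. are out of scope here
        severity, reason, advice = classify(*parsed)
        findings.append({"arg": arg, "severity": severity,
                         "reason": reason, "advice": advice})
    worst = max((f["severity"] for f in findings),
                key=SEVERITY_ORDER.index, default="ok")
    return {"rating": worst, "findings": findings}


def audit_manifest(manifest_json):
    """Audit a manifest given as a JSON string (Flatpak also accepts YAML manifests)."""
    return audit_finish_args(json.loads(manifest_json).get("finish-args", []))


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST_JSON)
    print(f"rating: {report['rating']}")
    for f in report["findings"]:
        print(f"  {f['severity']:8} {f['arg']}: {f['reason']}")
        if f["advice"]:
            print(f"           -> {f['advice']}")
```

Run against the sample manifest the result is “unsafe” because of --filesystem=home alone; dropping that line and keeping only xdg-pictures:ro brings it to “ok”. Note that home:ro is still rated unsafe: read-only access removes the write-to-startup-files concern but still exposes every file in the home directory, which is exactly what a portal avoids by granting only the files the user picks.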

The documentation was misleading as the bit about portals linked me back to the static statements. I was a bit surprised as the term “Portal” had suggested something more sophisticated.
Your link probably makes your post the most useful one on this thread. I’ve just published a new release (with the red flag :frowning: ) and now other things demand my attention, so I’ll have to put off looking into it until the next version.