bztd
October 23, 2024, 12:25pm
1
I was looking into running appimages inside the flatpak sandbox and it seems there is no access to fuse. Is there a way to be able to run appimages directly? I would like to integrate them and use flatpak’s permission management. Unzipping and repackaging doesn’t seem like an option to me.
cxrvh
October 29, 2024, 5:16pm
2
That’s not possible but there are other options for AppImage:
opened 03:28PM - 03 Jun 16 UTC
closed 04:50PM - 29 Jun 24 UTC
idea
https://github.com/projectatomic/bubblewrap
To run an AppImage in a read-only s… andbox so that it can **only** write to `$HOME/.config/leafpad/` and `$HOME/leafpad/`:
```
# Get the sandbox
wget -c "https://github.com/probonopd/bubblewrap/releases/download/binary/bwrap"
# Get the AppImage to be run inside the sandbox
wget -c "https://bintray.com/probono/AppImages/download_file?file_path=Leafpad-0.8.17-x86_64.AppImage" -O Leafpad-0.8.17-x86_64.AppImage
# FUSE-mounting does not seem to work inside the sandbox
sudo mount Leafpad-0.8.17-x86_64.AppImage /mnt -o loop
chmod a+x ./bwrap
mkdir -p $HOME/leafpad/
mkdir -p $HOME/.config/leafpad/
./bwrap --ro-bind / / --dev /dev --bind $HOME/.config/leafpad/ $HOME/.config/leafpad/ --bind $HOME/leafpad/ $HOME/leafpad/ /mnt/AppRun
sudo umount /mnt
```
Works for me :-)
Tool to make sandboxing AppImages easy
bztd
October 30, 2024, 11:41pm
3
Is there any technical detail that makes this impossible?