I’m a user, not a developer, and I’m trying to use flatpak apps for better security. This includes, for example, firefox and okular (a KDE pdf reader), that I’ve locked down in flatpak. But I have an issue with how okular in flatpak is apparently able to access (and likely modify) any past file it has visited and I have been unable to find a way to roll back that access. I’m using Kubuntu 24.04.1
If I run the following command, I can see all files I have so far opened in flatpak’s okular: ls -lR /run/user/1000/doc/by-app/org.kde.okular/* . The same is true in “flatpak run --command=sh org.kde.okular” when I run ls -lR /run/user/1000/doc/* .
In the event that there is malware in a pdf I’m using in okular, I don’t want that malware to have access to all these pdf’s because some of them contain personal information. However, if I try to erase anything in either /run/user/1000/doc or in /run/user/1000/doc/by-app/org.kde.okular, it also erases the file on my host filesystem (aka home directory / subdirectories). Were it not for a backup, I’d now be missing a half dozen pdfs. Restarting my computer does nothing–the files are still there.
ChatGPT seems to think that what I’m experiencing is a problem with flatpak security–namely that flatpak okular seems to have direct access to files on my filesystem. I don’t know that that’s accurate, but it is concerning.
Is there some way for me to remove previously opened files from access by flatpak okular, without erasing the files from my home directory? Is flatpak’s apparent direct access to my files a security issue?
Yes, selecting a file using the file chooser portal provides the app access to that file persistently because the app may need it again.
The document portal does have a persistent option, but the file chooser portal always enables it. By contrast, opening a file from the file manager will go through the app’s .desktop file and Flatpak’s --file-forwarding feature which has persistence disabled. That means the permission is never written to disk and is lost when your session is restarted.
You should be able to clear all of an app’s permissions with flatpak permission-reset, but that doesn’t work properly for the document store. Instead, you can use the flatpak documents and flatpak document-unexport commands.
Thanks so much! I was able to use flatpak document-unexport to remove access to the handful of documents I had used okular on without permanently erasing them, which was very helpful. Of course, doing this one document at a time isn’t esp. efficient. Would be ideal if something like permission-reset worked, but it doesn’t for me–as you said. The trick of opening a file from the file manager is a useful one. I’m still waiting to see that it is removed from access. Perhaps after I restart my system (which could be a while because I use hibernation).
I looked at the earlier discussion, I’m definitely with the folks who suggest that there should be access to a limited number of recent files rather than permanent access to all previously opened pdf’s. I’d add a time limit as well–a week or two–and make sure there is a command to revoke all previous access grants.
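The one-document-at-a-time revocation discussed above can be batched. This added example (not written by any participant in the thread) wraps the `flatpak documents` and `flatpak document-unexport` commands named in the answer. The function names and the `DRY_RUN` variable are hypothetical, and it assumes document IDs are lowercase hex strings and that the installed flatpak supports `--columns` and `--doc-id`.

```shell
#!/bin/sh
# Added example: revoke every document-portal grant held by one Flatpak app.
# Only `flatpak documents` and `flatpak document-unexport` are called.

# Print the document IDs currently exported to APPID ($1), one per line.
list_doc_ids() {
    # --columns=id limits output to the ID column. The grep drops a header
    # line if one is printed. Assumption: IDs are lowercase hex strings, like
    # the directory names under /run/user/<uid>/doc/by-app/<APPID>/.
    flatpak documents --columns=id "$1" | tr -d ' \t' | grep -E '^[0-9a-f]+$' || true
}

# Unexport every document granted to APPID ($1).
# DRY_RUN=1 only reports what would be revoked. Prints the number processed.
revoke_app_documents() {
    app=$1
    count=0
    for id in $(list_doc_ids "$app"); do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "would unexport $id" >&2
        else
            # --doc-id: treat the argument as a document ID, not a file path.
            flatpak document-unexport --doc-id "$id" || {
                echo "failed to unexport $id" >&2
                continue
            }
        fi
        count=$((count + 1))
    done
    echo "$count"
}

# Run as a script:  DRY_RUN=1 sh revoke-docs.sh org.kde.okular
if [ "$#" -gt 0 ]; then
    revoke_app_documents "$1"
fi
```

Unexporting removes the document from the portal's store, so any other app that was granted the same document ID loses access as well; the file in the home directory is not touched.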