Flatpaks having home filesystem access despite use of Flatseal to restrict access

I am new to Flatpaks.
I noticed that a lot of Flatpaks (e.g. Krita, Firefox) I installed have access to the home filesystem despite me choosing to toggle off all filesystem-related options in Flatseal.
I am aware that some of them are using portals as I see that when I try to open a file with them, I see Open File - Portal at the top in the file selector.
Is this the general behavior?
That even if one explicitly restricts/denies home filesystem access, the File Picker using Portal will have access to everything.

I am aware of the fact that the applications won’t have any access to the files if they use portals; they will only have access to that certain file that is passed through.
But yeah, please clarify on that a bit more or guide me to a place where I can read more in depth.
I do notice a lot of other applications (e.g. GIMP, Geany) respect the restrictions I have set in Flatseal and the file picker only sees the folders I pass and nothing else.

I would also like to add that I have tested for this behavior in multiple distros (e.g. Elementary, Mint, Fedora) just to be sure that this is not limited to my current distro.
I would love to have some clarity about how all of this works and what is the norm and why.

As you say, the file picker will typically show everything and pass just the file you choose to the app. But not all apps may use this special portal-type file picker.

If you’re comfortable with the terminal, you can verify for yourself what an app can or cannot see by entering its sandbox using `flatpak run --command=sh org.gimp.GIMP`, for example; then you can navigate using `cd`, `ls`, etc. and see what it can see.

2 Likes

That would be really handy and I will be checking this out.
I really appreciate your reply. :slight_smile:

I did read about it a bit more, searching all around the web.

Portals are designed as a dynamic exception with guaranteed user interaction for most of them (including filesystem access). So yeah, they did not go the Windows way of adding yet another popup saying “You are about to give access to a file to application X that is not in the default permitted list. Are you sure? Yes/No/Maybe”. But doing so would grow old very fast.

For instance, I much prefer that my video player does not have access to anything at all and that I grant access to files on a case-by-case basis, rather than granting access to all my home by default.

It’s setting a permission for the app, not for yourself. It could be worded better in Flatseal, but it’s the files that the application can access by itself. The app itself can’t access it. Your system and yourself can.

The basic idea here is that if you are opening a file in a file browser, you “give” the file to the app. The same way that if you give something from your fridge to a friend one time, it doesn’t mean that they can access it 24/24.

Flatseal’s permissions are the silent ones. They are things the app can access, always, at any time, without the user ever knowing.

The file portal is a convenient way for the user to explicitly (i.e. not silently) temporarily grant access to a file.
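To see which "silent" grants an app still has after Flatseal changes, the following added example (not part of the thread) merges an app's built-in `filesystems=` entries with its overrides and prints what remains. The function names `fs_entries` and `effective_fs` are hypothetical, the sample keyfiles are constructed, and it assumes a denied permission is stored as a negated entry such as `!host`.

```shell
#!/bin/sh
# Added example (not from the thread): list an app's static filesystem grants.
# Simplified model: a later entry for the same path replaces an earlier one;
# overlap between different paths (e.g. host vs. home) is not modelled.

# Print each filesystems= entry from the [Context] group of keyfile text on stdin.
fs_entries() {
    awk '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }
        in_ctx && /^filesystems=/ {
            sub(/^filesystems=/, "")
            n = split($0, parts, ";")
            for (i = 1; i <= n; i++) if (parts[i] != "") print parts[i]
        }'
}

# effective_fs BASE_TEXT OVERRIDE_TEXT -> "path mode" lines for grants still active.
effective_fs() {
    { printf '%s\n' "$1" | fs_entries; printf '%s\n' "$2" | fs_entries; } |
    awk '
        {
            path = $0; mode = "rw"
            if (sub(/^!/, "", path)) mode = "none"          # negated entry = denied
            else if (sub(/:ro$/, "", path)) mode = "ro"
            else if (sub(/:create$/, "", path)) mode = "create"
            else sub(/:rw$/, "", path)
            if (!(path in modes)) order[++count] = path
            modes[path] = mode
        }
        END {
            for (i = 1; i <= count; i++)
                if (modes[order[i]] != "none") print order[i], modes[order[i]]
        }'
}

# Constructed sample input: an app that ships with host access, and an
# override that denies it while granting one folder.
SAMPLE_BASE='[Context]
shared=ipc;
filesystems=host;xdg-config/gtk-3.0:ro;'
SAMPLE_OVERRIDE='[Context]
filesystems=!host;~/Pictures;'

effective_fs "$SAMPLE_BASE" "$SAMPLE_OVERRIDE"

# On a real system (assumes the flatpak CLI is installed):
# effective_fs "$(flatpak info --show-permissions org.gimp.GIMP)" \
#              "$(flatpak override --user --show org.gimp.GIMP)"
```

An empty result means the app has no static filesystem grant left; files chosen through the portal file picker never appear here because they are granted at runtime, one file at a time.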

Original Reddit Post