What are network tags?

1

When installing the Spotify app, flatpak says “proprietary” under permissions / Network Tags.

What does that mean? The docs don’t specify.

Are there plans in the works to make permissions more understandable? In an ideal world, I’d even love to be able to choose restrictions on the default permissions for an app before it installs. Many of the apps have unnecessarily wide permissions, like access to the entire home folder. For an app like Whatsapp, that’s enough to make me choose to run that app in the browser rather than as a flatpak app.

2 Likes
2

You can restrict permissions when running the app via console or graphically using an app like Flatseal.

If you think the app does not need such permissions to run, you can file an issue with that application asking to lower the permissions.

3

With respect to Spotify permissions, I think you’re misreading the output:

com.spotify.Client permisos:
    ipc      network      pulseaudio     x11     dri     file access [1]     dbus access [2]     bus ownership [3]     tags [4]

    [1] xdg-music:ro, xdg-pictures:ro
    [2] org.freedesktop.Notifications, org.gnome.SessionManager, org.gnome.SettingsDaemon.MediaKeys
    [3] org.mpris.MediaPlayer2.spotify
    [4] proprietary

Propietary is just a tag telling you it’s a propietary app. It also shows that has network access and readonly access to Music and Pictures user directories.

1 Like
4

My bad on the tags. Thanks for the correction.

Re flatseal, would that be something that could be integrated into flatpak and supported as a first-class tool? It’d be good if the tool that people use to change permission levels for all their apps (flatseal) weren’t itself something that required them to trust an app by a random developer. The permissions that flatseal has look pretty minimal, but it looks like the main malicious thing it could do would be to allow all permissions on all your installed apps.

5

Flatseal isn’t menant to be used by most people.

The N°1 permission mechanism should be portals, implemented by you desktop environment. Then the permission exposed by flatpak may be configurable in some advanced settings in your DE’s settings app.

Flatseal is meant to be used for other, more niche window managers.

1 Like