Today I wanted to test flatpak. For testing purposes I installed com.raggesilver.BlackBox (a Terminal) and com.github.tchx84.Flatseal from flathub.org.
Then I removed all filesystem permissions from the former using flatseal. The network permission was already disabled.
With
flatpak run com.raggesilver.BlackBox
I can now start a Terminal. It has full access to all files in my home directory,
ping google.com
also works.
Where did I go wrong?
Last edited by aperion (2025-06-16 13:53:18)
Where did I go wrong?
by using flatpak in the first place
I can only guess what you try to get here - but flatpak is not the correct way to do so
if its about isolation look at containerization like docker or virtualization
for better advice it would be helpful to explain what you want to achieve rather an issue likely noone will bother to even look at - https://en.wikipedia.org/wiki/XY_problem
PSA: Don't abuse flatschpak for process isolation. It is not meant to be a sandbox and its "sandbox" has more holes than cheese in it.
That being said
Then I removed all filesystem permissions from the former using flatseal.
Did you? *All*? https://aur.archlinux.org/packages/blackbox-terminal is a terminal emulator, if it has no access to the local filesystem, what is it supposed to show? Or even how? Does it magically not need filesystem access to talk to your display server socket?
And you're apparently running an interactive shell in it, is it your /usr/bin/bash? And there you run your local /usr/bin/ping from there? Would they know anything about what they're rendered in is some flatschpak? Or care?
If you're on a system that has exclusively LAN access, open a terminal emulator there, ssh into another host on the LAN, that host has full WAN access and then from within that shell, that you're seeing in the TE running on the host with only LAN access, ping some WAN host… do you think there's anything wrong here?
Where did I go wrong?
Succumbing to bullshit marketing, I'd guess…
Sorry if I have not made my intentions clear. What I wanted to do was to test the sandbox features of flatpak, i.e. https://docs.flatpak.org/en/latest/sand … sions.html
Where it says specifically
> One of Flatpak’s main goals is to increase the security of desktop systems by isolating applications from one another. This is achieved using sandboxing and means that, by default, applications that are run with Flatpak have extremely limited access to the host environment. This includes:
> No access to any host files except the runtime, the app, ~/.var/app/$FLATPAK_ID, and $XDG_RUNTIME_DIR/app/$FLATPAK_ID. Only the latter two being writable.
> No access to the network.
I do not need my browser to be able to access my tax information, and I do not want my tax application to see my browsing history or access the internet.
Flatpak claims to offer exactly that in a user-friendly way. I find it weird that these permissions exist, and yet seem completely ineffective. I thought it was maybe a configuration error.
1. https://flatkill.org/2020/ - flatpak could just as much claim a girlfriend in canada…
2. You did understand the systematic flaws w/ your particular test?
3. https://wiki.archlinux.org/title/Firejail
4. any malicious actor that gets you to install anything w/ root permissions might have a surprise-suid and you lost, for *near*-perfect context isolation, you're looking for virtual machines. But not one single thing is going to make you "safe" - because that's not a state, it's a mindset.
No, I do not understand the flaw in my test. I removed the overarching filesystem=host permission using an override, as well as every other permission the app came with except for wayland.
bash$ flatpak override --user --show com.raggesilver.BlackBox
[Context]
shared=!ipc
sockets=!fallback-x11;!x11
devices=!all
filesystems=!host
You can constrain the terminal emulator all you want - the stuff getting access to files and the network is the stuff you're running *inside* that terminal emulator which is most likely just your local bash, ping etc et pp. i.e. completely different processes.
(It's also why I don't buy that you do/can block *all* file access, because then the TE cannot execute a shell, unless the flatschpak ships that and all the other tools, too - which is beyond unlikely.)
flatpak is a way to release binary-only software onto random host stacks, not even that works properly.
Using it as a sandbox is nonsense, no matter what some lofty claims say about intentions.
Abandon that idea.
I replicated your issue and I'm quite surprised that the network still works. Removing this access should not mount (is that the correct term?) the networking devices. But this isn't apparently true and it obviously still does.
I would report that as an issue but I don't know where exactly. Could you test with another application? I'm also unsure why the mentioned program can access the local files (e.g. in my setup read the .zshrc) when not giving access.
With other programs (e.g. Signal Desktop), this access can be granular.
Last edited by mithrial (2025-06-13 15:18:31)
What is actually executed by the terminal emulator?
If it's a local shell binary it'll have to grant access to that somehow.
Can you install mc and
flatpak run com.raggesilver.BlackBox -e /usr/bin/mc
(assuming that's beyond unlikely to be provided by that flatschpak)
The very design of a terminal emulator is to run and display otherstuff™ - for that to reasonably work, it cannot block access to the host FS, because then there's little to no otherstuff™ and even if you'd limit access to /usr/bin/somewhitelist, those clients would want to randomly access the filesystem and likewise not work.
For other commands the sandbox seems to work.
bash$ flatpak run --command=ls com.raggesilver.BlackBox -al
total 0
drwxr-xr-x 4 aperion aperion 80 Jun 13 18:20 .
drwxr-xr-x 3 aperion aperion 60 Jun 13 18:20 ..
drwxr-xr-x 3 aperion aperion 60 Jun 13 18:20 .local
drwxr-xr-x 3 aperion aperion 60 Jun 13 18:20 .var
bash$ flatpak run --command=ping com.raggesilver.BlackBox google.com
bwrap: execvp ping: No such file or directory
bash$ flatpak run --command=curl com.raggesilver.BlackBox google.com
curl: (6) Could not resolve host: google.com
But not for the main application.
Last edited by aperion (2025-06-13 16:23:15)
flatpak run --command=bash com.raggesilver.BlackBox
I was made aware that the permission
[Session Bus Policy]
org.freedesktop.Flatpak=talk
allows for arbitrary code execution on the host. Removing this permission renders the applications useless (as expected).
I overlooked it.
Last edited by aperion (2025-06-16 13:53:48)
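As an added example (not code from this thread or from the Flatpak project), the following POSIX shell audit parses a Flatpak metadata file and flags the three settings this thread turns on: the org.freedesktop.Flatpak talk policy found in the last post, host/home filesystem grants, and network sharing. The two metadata samples are constructed for the example; the app name com.example.TermEmu is a placeholder.

```shell
#!/bin/sh
# Audit a Flatpak metadata/override file for permissions that let the app
# reach outside its sandbox. Sample metadata below is constructed.

# Print each host-reach grant found; return 0 if any, 1 if none.
# talk/own on org.freedesktop.Flatpak lets the sandboxed app ask the
# host-side Flatpak service to run commands outside the sandbox, so
# filesystem and network overrides no longer bound what it can do.
flatpak_escape_vectors() {
    awk -F= '
        /^\[/ { section = $0; next }
        section == "[Session Bus Policy]" && $1 == "org.freedesktop.Flatpak" &&
            ($2 == "talk" || $2 == "own") { print "host-exec: " $0; found = 1 }
        section == "[Context]" && $1 == "filesystems" &&
            $2 ~ /(^|;)(host|home)(:[a-z-]+)?(;|$)/ { print "host-files: " $0; found = 1 }
        section == "[Context]" && $1 == "shared" &&
            $2 ~ /(^|;)network(;|$)/ { print "network: " $0; found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Constructed sample 1: a terminal-emulator-style app after the overrides
# shown in the thread (network, filesystems, devices cut), but still with
# the talk policy on org.freedesktop.Flatpak.
RISKY_META=$(mktemp)
cat > "$RISKY_META" <<'EOF'
[Application]
name=com.example.TermEmu

[Context]
shared=!network;!ipc
sockets=wayland;!x11;!fallback-x11
devices=!all
filesystems=!host

[Session Bus Policy]
org.freedesktop.Flatpak=talk
EOF

# Constructed sample 2: the same app with that bus policy removed.
SAFE_META=$(mktemp)
sed '/^org\.freedesktop\.Flatpak=/d' "$RISKY_META" > "$SAFE_META"
trap 'rm -f "$RISKY_META" "$SAFE_META"' EXIT

for f in "$RISKY_META" "$SAFE_META"; do
    if flatpak_escape_vectors "$f"; then echo "$f: can reach host"
    else echo "$f: no host-reach grants"; fi
done
```

On a real system the same function can be pointed at a file saved from `flatpak info --show-metadata <app-id>`, which prints the merged metadata the sandbox is built from.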