Flatpak integration with desktop systems
Sandbox Security
Last year, Flatkill.org [16] caused a sensation for a short time. It tried to demonstrate, in the style of the well-known systemd criticism, that Flatpak is a nightmare when it comes to sandbox security. The critics attacked the way Flatpak handles permissions. However, with a few exceptions, the accusations no longer applied by the time the criticism was published.
The criticism was directed against apps based on GTK2. Applications based on GTK3 and Qt 5 use the previously mentioned portals [17] for D-Bus-based access to the filesystem and other resources, such as printers, from inside the sandbox (Figure 7).
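One way to see whether an installed app depends on portals or carries static filesystem grants that give it direct access, as an added example (not code from the article or the Flatpak project): it parses the keyfile printed by `flatpak info --show-permissions <app-id>`. The sample metadata, the function name `audit_filesystems`, and the constant `BROAD` are constructed for illustration.

```python
import configparser

# Constructed sample in the keyfile format printed by
# `flatpak info --show-permissions <app-id>`; not taken from a real app.
SAMPLE_METADATA = """\
[Context]
shared=network;ipc;
sockets=wayland;pulseaudio;
filesystems=home;xdg-download:ro;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""

# Grants covering the whole host or home directory (hypothetical constant name).
BROAD = {"host", "host-os", "host-etc", "home"}


def audit_filesystems(metadata_text):
    """Sort static filesystem grants into broad read-write, broad read-only, scoped."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep key case; D-Bus names are case-sensitive
    parser.read_string(metadata_text)
    report = {"broad_rw": [], "broad_ro": [], "scoped": []}
    if not parser.has_section("Context"):
        return report  # no static filesystem grants declared
    raw = parser["Context"].get("filesystems", fallback="")
    for entry in filter(None, (e.strip() for e in raw.split(";"))):
        if entry.startswith("!"):
            continue  # negated entry from an override: access removed
        path, _, mode = entry.partition(":")
        if path not in BROAD:
            report["scoped"].append(entry)
        elif mode == "ro":
            report["broad_ro"].append(entry)
        else:  # no suffix, :rw or :create all allow writing
            report["broad_rw"].append(entry)
    return report


if __name__ == "__main__":
    for level, entries in audit_filesystems(SAMPLE_METADATA).items():
        print(f"{level}: {', '.join(entries) or '-'}")
```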
Since the stable version 1.0, Flatpak has seen additional improvements. Noteworthy are support for multiple Nvidia devices, the introduction of the username flatpak, and a custom FUSE filesystem to enhance security in the home context. Flatpak can also handle webcams through the new Screencast portal, which makes use of PipeWire. Overall, Flatpak offers better control over the lifecycle of individual versions and an improved platform for regression testing.
Moving forward, major versions will appear every three months, supplemented by snapshots in between releases. For a deeper understanding of Flatpak's technical background, see Larsson's presentation from the All Systems Go conference in Berlin in September 2018 [18].
The Middle Ground
Flatpak and other alternative systems have found their way into the Linux infrastructure and are not likely to quickly disappear. Each of the approaches received both praise and criticism: Some critics see the demise of Linux coming; some proponents wish that distributions could predominantly consist of Flatpaks or Snaps. Fedora is currently implementing this in the Silverblue project, for example. As is so often the case, the middle ground makes the most sense.
Flatpaks offer advantages – and, depending upon your point of view, also cause disadvantages. The advantages are especially important for stable distributions and LTS versions. While, for reasons of stability, only older versions of software are available on LTS, Flatpak offers users the option of installing current software in a way that does not clash with the version provided by the actual package manager.
If you run several distributions in parallel, you only need to download a Flatpak once to use the software everywhere. Flatpaks are therefore completely independent of the distribution update cycle.
Conclusions and Outlook
Flatpak has arrived on the desktop with varying responses. Developers use Flatpak to serve all distributions with a single package. Fedora is enthusiastic about the new format and sees it as the future of distribution.
An informal survey of friends and family shows that Flatpaks are used moderately by some advocates, with the number of applications rarely exceeding a dozen.
As for the future, Flatpak will only live as long as the desktop does. If the influence of web apps continues to increase, the desktop's function may at some point be mainly to launch the browser. And that would probably be the end of Flatpak.
Infos
- [1] Flatpak: https://github.com/flatpak/flatpak/releases
- [2] Klik: https://en.wikipedia.org/wiki/AppImage#klik
- [3] Glick: https://people.gnome.org/~alexl/glick/
- [4] OSTree: https://ostree.readthedocs.io/en/latest/manual/introduction/
- [5] Atomic: https://www.projectatomic.io
- [6] Silverblue: https://silverblue.fedoraproject.org
- [7] Manifesto: https://docs.google.com/document/d/1QTgxakyUVFMkvr-xFY2Xg9lYjcJLd6kPTl3Ij5_dL7Q/edit
- [8] Bubblewrap: https://github.com/projectatomic/bubblewrap
- [9] chroot: https://en.wikipedia.org/wiki/Chroot
- [10] User namespaces: https://lwn.net/Articles/532593/
- [11] Seccomp: https://en.wikipedia.org/wiki/Seccomp
- [12] Flathub: https://flathub.org/home
- [13] Hosting a repository: http://docs.flatpak.org/en/latest/hosting-a-repository.html
- [14] Torvalds' criticism: https://www.reddit.com/r/programming/comments/47z3kx/linus_torvalds_on_linux_application_packaging/
- [15] "Maintainers Matter": http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html
- [16] Flatkill: http://flatkill.org
- [17] Portals: https://github.com/flatpak/flatpak/wiki/Portals
- [18] Presentation from All Systems Go: https://www.youtube.com/watch?v=K0bkapSpzzk