Jump to content

Flatpak Linux App Sandboxing Gets New FUSE-Based System-Wide Installation Method


The AchieVer

Recommended Posts

The AchieVer

Flatpak Linux App Sandboxing Gets New FUSE-Based System-Wide Installation Method 

The Flatpak development team released today a new stable version of their Linux application sandboxing and distribution framework that implements a new major feature around the system-wide installation method.

The Flatpak development team released today a new stable version of their Linux application sandboxing and distribution framework that implements a new major feature around the system-wide installation method.

Flatpak 1.3.2 is now available and it contains a major change in how installation of Flatpak apps is done system-wide as a user. The developers decided to rewrite the setup process of a Flatpak app due to the fact that the previous method caused unnecessary I/O and used more disk space. The new setup process relies on a custom FUSE file system.

"The new setup uses a new custom fuse filesystem which the user writes to, and then when this is done we can safely revoke any access to this from the user, meaning the files can be directly imported into the system repository without needing to make a copy," explains Alexander Larsson in the GitHub announcement page.

But it appears that there's also a downside of the new system-wide installation method, which apparently makes the packaging of a Flatpak app more complex due to it requiring to have a "flatpak" user already added in the package. Packagers can change the default user with the --with-system-helper-user=USERNAME parameter.Coming soon to a GNU/Linux distro near youIn addition to the new FUSE-based setup method, the Flatpak 1.3.2 release comes with a custom SELinux module, which can be enabled with the --enable-selinux-module parameters, to workaround an issue where the default SELinux policy prohibited Flatpak from passing a UNIX socket over the system bus. The selinux-module needs to be installed for this to work.

Moreover, Flatpak 1.3.2 adds a new --socket=pcsc permission for accessing smart cards, a new runtime column to the "flatpak list" command, support for storing description, comment, icon and homepage fields from flatpakrepo files in the remote configuration, and lets users specify a rebasing version of end-of-life. Flatpak 1.3.2 will soon be available in the stable software repositories of your favorite GNU/Linux distribution.
 
 
 
Link to comment
Share on other sites


  • Replies 0
  • Views 496
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...