Originally posted by Danny3
The actual implementation is achieved by using Linux's cgroups system to put the application in a sandbox where it can't see the device nodes for what it's not allowed to access, and where it's in a separate network namespace not bridged to the others if it's denied network access.
Unfortunately, location on a desktop PC can't be gated that way because it's implemented as "Google pins down the physical location of your LAN's public IP by having any Android phones connected to your WiFi phone home to match up the IP they're connecting from with what their GPS and other location mechanisms see." If, like me, you live in the countryside, seeing that degree of accuracy out of Google's search page footer is creepy as hell and you need a VPN to beat it.
(Speaking of which, I still need to figure out where the correct bug tracker is to file a feature report for a Flatpak permission that grants network access to routable networks only (i.e. no 192.168.x.x, 10.x.x.x, etc.), so a compromise in a Flatpak'd application that has no need for LAN access can't be used as a relay to attack things behind the edge firewall like unpatched/out-of-support network printers and IoT lightbulbs and the like.)
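To make the "routable networks only" idea concrete, here is an added example (mine, not Flatpak's code and not an existing Flatpak permission): a small Python policy that classifies destination addresses the way such a permission would, plus a generator that turns the same prefix list into an nftables ruleset you could load in the sandbox's network namespace. The prefix list is the assumed policy; the inclusion of loopback and the CGNAT range, the table name and the `::ffff:` unwrapping are my choices, and the addresses in the usage block are constructed.

```python
"""Added example: a 'routable networks only' egress policy for a sandboxed app.

Not Flatpak code. The BLOCKED_PREFIXES list is the assumed policy: everything
a LAN-relay attack (printers, IoT bulbs, the router admin page) would need.
"""
import ipaddress

# Assumption: this is the policy. Loopback and RFC 6598 (CGNAT) are included on
# purpose; both sit "behind the edge" from the app's point of view.
BLOCKED_PREFIXES = [
    ipaddress.ip_network(p) for p in (
        "10.0.0.0/8",      # RFC 1918
        "172.16.0.0/12",   # RFC 1918
        "192.168.0.0/16",  # RFC 1918
        "100.64.0.0/10",   # RFC 6598 carrier-grade NAT
        "169.254.0.0/16",  # IPv4 link-local
        "127.0.0.0/8",     # IPv4 loopback
        "fc00::/7",        # IPv6 unique local (RFC 4193)
        "fe80::/10",       # IPv6 link-local
        "::1/128",         # IPv6 loopback
    )
]


def normalize(addr):
    """Parse addr and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d).

    Without this step an app could reach 192.168.1.1 by dialling
    ::ffff:192.168.1.1 on a dual-stack socket and skip the IPv4 checks.
    """
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_routable(addr):
    """True if the destination is outside every blocked prefix."""
    ip = normalize(addr)
    return not any(ip in net for net in BLOCKED_PREFIXES)


def nft_ruleset(table="flatpak_routable_only"):
    """Render the same policy as an nftables ruleset for `nft -f`.

    Filtering in the output hook of the app's netns means the check runs on
    the resolved packet destination, so DNS answers pointing at LAN addresses
    are caught too.
    """
    v4 = ", ".join(str(n) for n in BLOCKED_PREFIXES if n.version == 4)
    v6 = ", ".join(str(n) for n in BLOCKED_PREFIXES if n.version == 6)
    return (
        f"table inet {table} {{\n"
        "  chain output {\n"
        "    type filter hook output priority 0; policy accept;\n"
        f"    ip daddr {{ {v4} }} reject with icmp type admin-prohibited\n"
        f"    ip6 daddr {{ {v6} }} reject with icmpv6 type admin-prohibited\n"
        "  }\n"
        "}\n"
    )


if __name__ == "__main__":
    # Constructed sample destinations: a public resolver, a LAN printer, the
    # mapped-IPv6 bypass attempt and a ULA address.
    for dst in ("8.8.8.8", "192.168.1.50", "::ffff:192.168.1.50", "fd00::1"):
        print(f"{dst:>22}  routable={is_routable(dst)}")
    print(nft_ruleset())
```

The Python check is the readable statement of the policy; the nft ruleset is what you would actually enforce, since a userspace check can be bypassed by anything that opens its own sockets. Note that the denial is by destination prefix only: a LAN host that also has a public address is still reachable, which is the right behaviour for "routable only" but worth knowing.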