GNOME Making Progress On Full-Featured USB Portal For Flatpaks

  • phoronix
    Administrator
    • Jan 2007
    • 67377

    Phoronix: GNOME Making Progress On Full-Featured USB Portal For Flatpaks

    Thanks to funding from the Sovereign Tech Fund, GNOME developers have been working on greater USB permissions/controls for Flatpak-based Linux applications...
  • uid313
    Senior Member
    • Dec 2011
    • 6922

    #2
    This is great but I would also like to see a network portal so that you can grant an app network access or maybe it tries to open a port to listen on and it says "App X is trying to bind port 80 for listening" and you get the option Accept and Deny, or it tries to establish a TCP connection then it says "App X is trying to connect to google.com on port 443" and you get Accept or Deny.

    • mxan
      Senior Member
      • Jun 2022
      • 289

      #3
      Originally posted by uid313
      This is great but I would also like to see a network portal so that you can grant an app network access or maybe it tries to open a port to listen on and it says "App X is trying to bind port 80 for listening" and you get the option Accept and Deny, or it tries to establish a TCP connection then it says "App X is trying to connect to google.com on port 443" and you get Accept or Deny.
      Flatpak’s sandbox itself controls network access, and “app wants to access this port” belongs in a firewall, not an XDG portal. I’m surprised there’s no GUI for firewalld (or similar; I just say firewalld because Fedora uses that) preinstalled by default on the major desktop distros, especially when Windows pops up to ask you if you want to allow e.g. torrent clients to access ports. To me it’s just a user-friendliness no-brainer.

      • stormcrow
        Senior Member
        • Jul 2017
        • 1518

        #4
        More fine grained access controls for USB HSMs, mass storage, etc etc would certainly be welcome.

        • eszlari
          Junior Member
          • Jun 2019
          • 39

          #5
          Originally posted by mxan
          I’m surprised there’s no GUI for firewalld (or similar; I just say firewalld because Fedora uses that) preinstalled by default on the major desktop distros
          Kubuntu includes one by default: https://invent.kde.org/plasma/plasma-firewall

          • stan
            Senior Member
            • Jan 2008
            • 197

            #6
            I say no thanks to these bandaid solutions like Flatpaks and Snap. They are slow, especially to boot up, because none of the libraries are already loaded into memory. Even if the same library is already loaded by another application (let’s say in a different opened Flatpak), it has to be loaded again by the other Flatpak application, which means accessing the hard drive again and taking up IO bandwidth. Flatpaks and Snaps are also memory hogs, because every such application has to upload all of its libraries into memory, even if those libraries are redundant. And finally, they take up a lot of space on the hard drive, for the same reasons above. I’m sorry, but I much prefer applications that have been properly packaged into the distro and that have shared libraries in order to speed up loading and execution and to save memory and hard drive space. It’s a no brainer!

            • uid313
              Senior Member
              • Dec 2011
              • 6922

              #7
              Originally posted by stan
              I say no thanks to these bandaid solutions like Flatpaks and Snap. They are slow, especially to boot up, because none of the libraries are already loaded into memory. Even if the same library is already loaded by another application (let’s say in a different opened Flatpak), it has to be loaded again by the other Flatpak application, which means accessing the hard drive again and taking up IO bandwidth. Flatpaks and Snaps are also memory hogs, because every such application has to upload all of its libraries into memory, even if those libraries are redundant. And finally, they take up a lot of space on the hard drive, for the same reasons above. I’m sorry, but I much prefer applications that have been properly packaged into the distro and that have shared libraries in order to speed up loading and execution and to save memory and hard drive space. It’s a no brainer!
              My computer has plenty of RAM so I don't mind. I like Flatpak and Snap. The RAM is supposed to be used, else why have all that RAM?

              Packaged applications like .deb and .rpm are not sandboxed, so the applications can do anything, which makes Linux insecure. Android and iOS run all applications sandboxed.

              • stan
                Senior Member
                • Jan 2008
                • 197

                #8
                I can think of tons of ways to achieve effective sandboxing without needlessly duplicating libraries with each application instance and without sacrificing speed of loading and execution and RAM and hard drive space usage. For instance, the kernel can detect requests to access a certain resource by a given process ID or a user, and then ask the GUI to show a pop-up asking the user to confirm the legitimacy of that request. The kernel can then keep a list of previously approved requests that the user can review and rescind at any time. I’m sure I’m not the first person to think of this.

                • patrick1946
                  Senior Member
                  • Sep 2021
                  • 358

                  #9
                  Originally posted by stan
                  Flatpaks and Snaps are also memory hogs, because every such application has to upload all of its libraries into memory, even if those libraries are redundant. And finally, they take up a lot of space on the hard drive, for the same reasons above. I’m sorry, but I much prefer applications that have been properly packaged into the distro and that have shared libraries in order to speed up loading and execution and to save memory and hard drive space. It’s a no brainer!
                  Flatpak is sharing the libraries. Where do you read otherwise?

                  • that_leaflet
                    Junior Member
                    • Oct 2024
                    • 2

                    #10
                    Originally posted by stan
                    I can think of tons of ways to achieve effective sandboxing without needlessly duplicating libraries with each application instance and without sacrificing speed of loading and execution and RAM and hard drive space usage. For instance, the kernel can detect requests to access a certain resource by a given process ID or a user, and then ask the GUI to show a pop-up asking the user to confirm the legitimacy of that request. The kernel can then keep a list of previously approved requests that the user can review and rescind at any time. I’m sure I’m not the first person to think of this.
                    Flatpak's primary goal is to be a format that works regardless of distro. The sandboxing is a secondary detail, the flatpak.org main site makes no mention of sandboxing as a feature.
