Originally posted by uid313
View Post
Announcement
Collapse
No announcement yet.
Fedora 35 To Support Restarting User Services On Package Upgrades
Collapse
X
-
- Likes 1
-
Originally posted by kreijack View Post
So in your setup if you want to see a (temporary) image or a .csv file generated by a python program stored in /tmp you can't ? Sorry, but I need and want more flexibility.
https://flathub.org/apps/details/com...chx84.Flatseal
Or in the command line
Comment
-
Originally posted by RahulSundaram View Post
Sure you can. Flatpak allows an user to configure the sandbox to allow that access if they choose to
https://flathub.org/apps/details/com...chx84.Flatseal
Or in the command line
https://flatpak-testing.readthedocs....ox-permissions
It is not the default because the security model of a sandboxed app is based to the prevention of accesses to the filesystem; this means that if this limit is removed, the security model degrades.
Instead the security model of a classic linux distribution is based on the review of the package maintainer (no limits here !).
This and the fact the the each sandboxed app publisher has to care of all app dependencies raises me some doubt about the efficacy of this model.
- Likes 2
Comment
-
Originally posted by kreijack View Post
I never doubted that I can configure this behavior. The point is not if a flatpack app is capable to access the filesystem. The point is that this is not the default.
> Instead the security model of a classic linux distribution is based on the review of the package maintainer (no limits here !).
Not necessarily. An arbitrary package may or may not have additional limitations depending on the service (it is possible for a packager to set limits via the systemd policy or SELinux policy for instance). Distributions don't package everything that a user may use or it may not be the version you want or it may be excluded for licensing reasons and then you are essentially trusting the packager with full root access potentially.
- Likes 1
Comment
-
Originally posted by RahulSundaram View PostThere is no single default here. Whoever builds a package gets to determine what they want the access level to be and it is customizable post installation by the user
Originally posted by RahulSundaram View Post> Instead the security model of a classic linux distribution is based on the review of the package maintainer (no limits here !).
Not necessarily. An arbitrary package may or may not have additional limitations depending on the service (it is possible for a packager to set limits via the systemd policy or SELinux policy for instance).
The difference is the starting point. The app model towards to the model of the phones "store", where there is the distributor who is not interested in entering in the details of the app. So to guarantee a sufficient level of security each app is sandboxed. Widen the access level decrease the security.
The "classic linux distribution model", is based on the fact the package maintainer (who is different from the developers) enters in the details of the application and can do a deeper review. Furthermore it is possible for certain type of program (typically the server) reduce the access level increasing the security.
Originally posted by RahulSundaram View PostDistributions don't package everything that a user may use or it may not be the version you want or it may be excluded for licensing reasons and then you are essentially trusting the packager with full root access potentially.
- Likes 1
Comment
-
Originally posted by kreijack View Post
The "classic linux distribution model", is based on the fact the package maintainer (who is different from the developers) enters in the details of the application and can do a deeper review.
As someone who has done packaging work for hundreds of official packages for over a decade, I can say that all these assumptions are inaccurate.
> On this point I agree. But usually this kind of situation are exception than the rule...
No. Not at all. It is increasingly the case that a common set of core packages come from the distro. Everything else comes from a third party including language specific package managers, containers, third party repos and so forth.
Comment
-
Originally posted by RahulSundaram View Post
These claims are just false.
This change is just a scriptlet that optionally allows a package to set a service to be restarted automatically after an update for user services (system services already had that capability a long time back). User services are not that common and most packages that use user services still won't use it leaving it to the user to restart the user services when they want to. Neither RPM or systemd required you to restart a computer after an update before or after the change.
- Likes 1
Comment
-
Originally posted by andyprough View Post
Could be untrue today. Wasn't untrue during any of the 20 years I ran rpm based distros for my business, including Fedora in about 2015
Comment
-
Originally posted by RahulSundaram View PostYou are assuming a lot here. a) upstream isn't packaging it for the distro themselves
Originally posted by RahulSundaram View Postb) the reviewer is capable of reviewing the security details of the application equivalent or better than the upstream developers
c) human review even if well intended can catch security issues
d) flatpak's aren't going through a review process
The packager have to review only the software itself.
This is particular relevant when a dependency needs a security update:
- in the "classic model", the dependency packager has to updated this single package
- in the flat pack model, each publisher has to care that its own software and all its dependencies are updated..
The point here is that in the flatpack model each publisher has to care a lot more than its specific app. I am not worried about the biggest projects like firefox and/or libreoffice where there is knowledge and accountability (and manpower); I am worried about the little projects which require dependencies with security implication (like libtsl or whatever is its name).
In the "classic model", typically who is charge of packages like libtsl are conscious of its security implication. it is impossible that all the publisher of all flatpack apss have the same level of awareness.
Originally posted by RahulSundaram View PostAs someone who has done packaging work for hundreds of official packages for over a decade, I can say that all these assumptions are inaccurate.
> On this point I agree. But usually this kind of situation are exception than the rule...
No. Not at all. It is increasingly the case that a common set of core packages come from the distro. Everything else comes from a third party including language specific package managers, containers, third party repos and so forth.
Instead there is application where a flatpack model could make sense. I am thinking to something like "Oracle db". But this is a specific case.
- Likes 1
Comment
-
Originally posted by RahulSundaram View Post
Again, this is categorically untrue. There was never a point at any given time in any of Fedora's history that users have to restart a computer for a simple update. This is a nonsensical claim given that millions of instances of Fedora and Fedora derivatives including RHEL/CentOS have been used for enterprise systems sometimes running for months without any restarts in between. Packaging format has no impact at all on this.
But there is a misconception that dnf update completely updates the system without a reboot, Peter Larsen said:
People think that "yum/dnf update" leaves their system in a new updated stage. But it doesn't (completely). It never has. Only after a reboot are all your patches applied and active. Existing/running processes are rarely if ever reloaded. So when you update libraries, kernels etc. your system will keep running with the old versions of those libraries loaded. [...]The only real complete update you can do is one that does a full reboot. We do have a few tricks with DNF which will attempt to let you know what needs restarting. But you'll find that a good part of our updates requires a restart of most if not all your system, in order for the updates to become fully active.
Perhaps partly because it normally works just fine, it is surprising to find that dnf update is not really a supported way to update a Fedora system—even from a virtual terminal outside of the desktop. Many will probably keep on doing it, but once in a while may get bitten. As Williamson put it: "It works fine all the time until it doesn't, and then you're left with a pile of broken bits that you get to spend all afternoon fixing."
- Likes 1
Comment
Comment