FLATPAKS..... [Last edited on 2023-04-23]
- Thread starter Condobloke
- Start date
OP
Condobloke
Well-Known Member
The terminal command :
This PPA is provided as a convenience for Ubuntu users ..........Linux Mint users who have kept their install up to date, should ignore this....
By 'up to date' I mean setting the preferences in Update Manger to reflect the setting in the below screenshot
Make sure your system snapshots are properly configured means : Timeshift snapshots show that several thousands files change or are created every day. Timeshift snapshots should be so done on a daily basis, completed by operating system backups on a weekly basis.
My Timeshift arrangement looks like below: Another daily will automatically be added shortly.
As I said ...read the article Carefully.
Code:
sudo add-apt-repository ppa:flatpak/stableThis PPA is provided as a convenience for Ubuntu users ..........Linux Mint users who have kept their install up to date, should ignore this....
By 'up to date' I mean setting the preferences in Update Manger to reflect the setting in the below screenshot
Make sure your system snapshots are properly configured means : Timeshift snapshots show that several thousands files change or are created every day. Timeshift snapshots should be so done on a daily basis, completed by operating system backups on a weekly basis.
My Timeshift arrangement looks like below: Another daily will automatically be added shortly.
As I said ...read the article Carefully.
Last edited:
Very nice explanation... thanks!
OP
Condobloke
Well-Known Member
look to the bottom of the article, 5. Useful tricks and commands
Flatpak repair....for those with flatpals installed etc....makes for an interesting result in Terminal
flatpak list ....gives you what you have installed.....
brian@brian-desktop:~$ flatpak list
Name Application ID Version Branch Installation
The Dialect Authors app.drey.Dialect 2.3.0 stable system
calibre com.calibre_ebook.calibre 7.9.0 stable system
Martin Abente Lahaye com.github.tchx84.Flatseal 2.2.0 stable system
Unrud …m.github.unrud.VideoDownloader 0.12.12 stable system
Wellington Wallace com.github.wwmm.pulseeffects 4.8.7 stable system
GtkStressTesting com.leinardi.gst 0.7.6 stable system
Giant Pink Robots! …thub.giantpinkrobots.flatsweep v2024.3.20 stable system
BleachBit org.bleachbit.BleachBit v4.6.0 stable system
Freedesktop Platform org.freedesktop.Platform 22.08.24 22.08 system
Freedesktop Platform org.freedesktop.Platform 23.08.16 23.08 system
Mesa …reedesktop.Platform.GL.default 24.0.4 22.08 system
Mesa (Extra) …reedesktop.Platform.GL.default 24.0.4 22.08-extra system
Mesa …reedesktop.Platform.GL.default 24.0.5 23.08 system
Mesa (Extra) …reedesktop.Platform.GL.default 24.0.5 23.08-extra system
Intel …eedesktop.Platform.VAAPI.Intel 22.08 system
Intel …eedesktop.Platform.VAAPI.Intel 23.08 system
ffmpeg-full …eedesktop.Platform.ffmpeg-full 23.08 system
openh264 ….freedesktop.Platform.openh264 2.1.0 2.2.0 system
openh264 ….freedesktop.Platform.openh264 2.4.1 2.4.1 system
GNOME Application Platform v… org.gnome.Platform 45 system
GNOME Application Platform v… org.gnome.Platform 46 system
gnome platform translations org.gnome.Platform.Locale 43 system
Mint-Y Gtk Theme org.gtk.Gtk3theme.Mint-Y 3.22 system
Mint-Y-Aqua Gtk Theme org.gtk.Gtk3theme.Mint-Y-Aqua 3.22 system
Mint-Y-Blue Gtk Theme org.gtk.Gtk3theme.Mint-Y-Blue 3.22 system
Mint-Y-Sand Gtk Theme org.gtk.Gtk3theme.Mint-Y-Sand 3.22 system
GtkHash org.gtkhash.gtkhash 1.5 stable system
KDE Application Platform org.kde.Platform 6.6 system
ISO Image Writer org.kde.isoimagewriter 24.02.2 stable system
KPatience org.kde.kpat 24.02.2 stable system
brian@brian-desktop:~$
Security ?....flatpaks use Bubblewrap
The goal of bubblewrap is to run an application in a sandbox, where it has restricted access to parts of the operating system or user data such as the home directory.
Bubblewrap works by creating a new, completely empty, mount namespace where the root is on a tmpfs that is invisible from the host, and will be automatically cleaned up when the last process exits.
The user can specify exactly what parts of the filesystem should be visible in the sandbox. Any such directories you specify mounted nodev by default, and can be made readonly.
The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots
etc
Flatpak repair....for those with flatpals installed etc....makes for an interesting result in Terminal
flatpak list ....gives you what you have installed.....
brian@brian-desktop:~$ flatpak list
Name Application ID Version Branch Installation
The Dialect Authors app.drey.Dialect 2.3.0 stable system
calibre com.calibre_ebook.calibre 7.9.0 stable system
Martin Abente Lahaye com.github.tchx84.Flatseal 2.2.0 stable system
Unrud …m.github.unrud.VideoDownloader 0.12.12 stable system
Wellington Wallace com.github.wwmm.pulseeffects 4.8.7 stable system
GtkStressTesting com.leinardi.gst 0.7.6 stable system
Giant Pink Robots! …thub.giantpinkrobots.flatsweep v2024.3.20 stable system
BleachBit org.bleachbit.BleachBit v4.6.0 stable system
Freedesktop Platform org.freedesktop.Platform 22.08.24 22.08 system
Freedesktop Platform org.freedesktop.Platform 23.08.16 23.08 system
Mesa …reedesktop.Platform.GL.default 24.0.4 22.08 system
Mesa (Extra) …reedesktop.Platform.GL.default 24.0.4 22.08-extra system
Mesa …reedesktop.Platform.GL.default 24.0.5 23.08 system
Mesa (Extra) …reedesktop.Platform.GL.default 24.0.5 23.08-extra system
Intel …eedesktop.Platform.VAAPI.Intel 22.08 system
Intel …eedesktop.Platform.VAAPI.Intel 23.08 system
ffmpeg-full …eedesktop.Platform.ffmpeg-full 23.08 system
openh264 ….freedesktop.Platform.openh264 2.1.0 2.2.0 system
openh264 ….freedesktop.Platform.openh264 2.4.1 2.4.1 system
GNOME Application Platform v… org.gnome.Platform 45 system
GNOME Application Platform v… org.gnome.Platform 46 system
gnome platform translations org.gnome.Platform.Locale 43 system
Mint-Y Gtk Theme org.gtk.Gtk3theme.Mint-Y 3.22 system
Mint-Y-Aqua Gtk Theme org.gtk.Gtk3theme.Mint-Y-Aqua 3.22 system
Mint-Y-Blue Gtk Theme org.gtk.Gtk3theme.Mint-Y-Blue 3.22 system
Mint-Y-Sand Gtk Theme org.gtk.Gtk3theme.Mint-Y-Sand 3.22 system
GtkHash org.gtkhash.gtkhash 1.5 stable system
KDE Application Platform org.kde.Platform 6.6 system
ISO Image Writer org.kde.isoimagewriter 24.02.2 stable system
KPatience org.kde.kpat 24.02.2 stable system
brian@brian-desktop:~$
Security ?....flatpaks use Bubblewrap
The goal of bubblewrap is to run an application in a sandbox, where it has restricted access to parts of the operating system or user data such as the home directory.
Bubblewrap works by creating a new, completely empty, mount namespace where the root is on a tmpfs that is invisible from the host, and will be automatically cleaned up when the last process exits.
The user can specify exactly what parts of the filesystem should be visible in the sandbox. Any such directories you specify mounted nodev by default, and can be made readonly.
The maintainers of this tool believe that it does not, even when used in combination with typical software installed on that distribution, allow privilege escalation. It may increase the ability of a logged in user to perform denial of service attacks, however.
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots
etc
