this post was submitted on 29 Apr 2025
19 points (100.0% liked)

Linux Questions

1676 readers
1 users here now

Linux questions Rules (in addition of the Lemmy.zip rules)

Tips for giving and receiving help

Any rule violations will result in disciplinary actions

founded 2 years ago
MODERATORS
possiblylinux127@lemmy.zip
19
I want the "Android" / GrapheneOS sandbox experience on Linux, is it achieveable? (lemmy.world)
submitted 2 weeks ago* (last edited 2 weeks ago) by MoonlightFox@lemmy.world to c/linuxquestions@lemmy.zip
14 comments fedilink hide all child comments
 

I really appreciate the GrapheneOS security model with detailed permissions for every app, including internet access.

I'd like to have something similar to that on my main OS. I like to be able to install an app without trusting it. So that I can be more lax with the FOSS projects and the proprietary stuff I use.

I use my PC for gaming, programming and personal stuff. I have been using Fedora for quite some time.

I know that QubesOS exists, and would give me the highest security and privacy guarantees, but i'd prefer something more elegant. I havent tried Qubes in 10 years though ๐Ÿค”

Am I limited to Flatpak with Flatseal and similar solutions to Flatseal for AppImage?

Edit: I have a ryzen iGPU and a seperate dedicated GPU

you are viewing a single comment's thread
view the rest of the comments
[โ€“] that_leaflet@lemmy.world 4 points 2 weeks ago

By default, flatpaks have no permissions. All permissions must be manually specified in the manifest file. But if you look at the top apps on Flathub, they tend to have broad filesystem permissions, including home and host. This are pretty bad permissions because it's insanely easy to escape the sandbox with them since there are no protections against writing to files like .bashrc. Snap at least prevents apps from accessing hidden files for this reason.