this post was submitted on 07 Jul 2024
103 points (94.0% liked)
Linux
48376 readers
1701 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Flatseal: well that's normal, it can't control Flatpak's access controls if it is itself sandboxed. Even if it was sandboxes, it could just grant itself everything.
For Xournal: it's probably because it doesn't support portals or whatever, so it can't use the open file dialog to get permissions. So it needs to be able to get to your files somehow to open them.
In both cases, it just means its permissions model is more like regular applications you'd get from your package manager. If you install Xournal with apt/dnf/pacman it also won't be sandboxed.
The point of sandboxing is you can run applications you don't trust too much, or significantly reduce the blast radius if say, your browser gets breached: then it has another barrier to overcome to reach anything other than the browser's own data. The lack of sandboxing doesn't inherently imply the app is evil or will hack you. It just means it doesn't have the extra protection around it. So like, probably don't open sketchy PDFs in it, but I wouldn't stop using the app solely because it lacks sandboxing.
I think the problem with xournal is that it cannot ask a file portal to give it access to two related files at once. "I want to let the user pick foo.pdf.xournal, and also give me access to foo.pdf". So the next best thing is to give it the "access any damned file" permission, and let Xournal grab whatever it wants. You get the same problem with video players - you could take away their permission to open-any-file, but then they won't be able to pick up a related subtitle file.