what does this mean for Flatpak?
what does this mean for Flatpak?
should i be worried installing these two? what does it mean though?
(these are captured from Pop! OS software manager)
Flatseal: well that's normal, it can't control Flatpak's access controls if it is itself sandboxed. Even if it was sandboxes, it could just grant itself everything.
For Xournal: it's probably because it doesn't support portals or whatever, so it can't use the open file dialog to get permissions. So it needs to be able to get to your files somehow to open them.
In both cases, it just means its permissions model is more like regular applications you'd get from your package manager. If you install Xournal with apt/dnf/pacman it also won't be sandboxed.
The point of sandboxing is you can run applications you don't trust too much, or significantly reduce the blast radius if say, your browser gets breached: then it has another barrier to overcome to reach anything other than the browser's own data. The lack of sandboxing doesn't inherently imply the app is evil or will hack you. It just means it doesn't have the extra protection around it. So like, probably don't open sketchy PDFs in it, but I wouldn't stop using the app solely because it lacks sandboxing.
I think the problem with xournal is that it cannot ask a file portal to give it access to two related files at once. "I want to let the user pick foo.pdf.xournal, and also give me access to foo.pdf". So the next best thing is to give it the "access any damned file" permission, and let Xournal grab whatever it wants. You get the same problem with video players - you could take away their permission to open-any-file, but then they won't be able to pick up a related subtitle file.
No, you don't need to be worried. For example, Flatseal is a program to manage other flatpaks. This means that, by design, it needs to be able to grant flatpaks certain permissions that may expose them to system services they need to operate correctly.
One user mentioned that these new warnings aren't particularly helpful, because they don't give a good explanation of what or why, and they just foster anxiety in users who just want to install an otherwise reputable flatpak.
I don't know anything about xournal++, but I would imagine it's also reputably safe, and somebody else can verify for sure.
Yeah Xournal++ is probably the best hand-written note taking and PDF annotation program available on Linux, it's pretty well known. The system settings permission is to honor some global settings you might have enabled, and the file system access is so you can save and open stuff from anywhere, I assume.
Flatseal's job is to do that. As for the note app, that's not great, but you can use flatseal to take away those permissions after installation.
Its a silly default. Might also be to allow people to edit /etc configs with the app since its a basic editor. With enough dummies complaining about "doesn't work can't access files in <directory>" the dev may have set that to reduce negative review bloat (seriously look at the flatpak and snap stores and the number of bad reviews due to people not understanding the permissions system).
I would be turning that off immediately until I knew how trustworthy the app was or not installing it, just saying I can see where that default setting might be coming from.
Flatpak could use a permissions prompting api, so a prompt could be displayed to the user when they try to access a file outside the permissions scope, but that's probably a lot of work to get in place. Maybe something we'll see in flatpak in a few years.
Until then I think there needs to be some way to point new users to Flatseal and a summary of what these warnings imply and how to grok them.
The first one allows Flatseal to edit the permissions of Flatpak apps including itself.
System folder access allows a app to read the filesystem. (But not system internals)
System settings access allows the app to change settings
So the only concerning one is Xournal. However, I happen to know that it doesn't support XDG portals which is how apps ask for permissions to files so it needs full file access. As for the system settings I have no idea.
Every app with home or even host access can modify its own permissions.
This is why apps need to implement portals.
a curse upon these distros for alarming people with such messages. they are meaningless and technically apply to every flatpak
They mean that the app has that permission. It is good that they let the user know the apps capabilities
Not for the average/casual user, which is why this post exists.
The average person will look at that and see the '!' in a triangle and became scared of what it can do to their system, even though it has no more permissions than a system package. Alternatively, they will become desensitized and learn to ignore it, resulting in installing flatpacks from untrusted and unverified sources.
Overall, I just think the idea around having to sandbox all flatpaks is not a good idea. To give a concrete example, Librewolf is marked as "potentially unsafe" because it has access to the download folder, but if I want to use it to open a file that isn't in "downloads" I have to use flatseal to give it extra permissions - it's the worst of both worlds! Trying so hard to comply with flatpak guidelines that it gets in the way of doing things, and still not being considered safe enough.
a curse upon these distros
It's not the distros, it's Flathub who provides those warnings.
Flatpak downloads are insecure 100% of the time
This is good news for flatpack!
I don't know what the issue is here, but I can't see anything in your post, other than this:
What's going on? Is it Beehaw or why can't I see it?
There are two screenshot and I can see them? No #AltText though.
My apologies, its on my end. An extension was blocking it, now I can see the screenshots. Not sure what happened, because that is the first thing I check. Everything fine, I can see the two screenshots too.