System Administration

Flatseal – graphical utility to review and modify permissions from Flatpak applications

In Operation

Here’s an image of Flatseal in action. On the left hand side is a list of Flatpaks installed on the system. For each application, we can fine-tune a whole raft of permissions available in the sandbox including subsystems, sockets, devices, features available to the application, filesystems, persistent (homedir-relative paths), and environment (list of variables exported), system bus, session bus, and portals (resourcea selectively granted to the application).

Flatseal offers a very simple but effective user interface.

Flatseal in action
Click image for full size

Flatpak provides two different permissions models: static and dynamic. Static refers to the permissions set by the developers when applications are built. Static permissions are holes in the sandbox, e.g. an application built with --filesystem=home can access all user personal files. Dynamic refers to the permissions granted by the users when applications run. Dynamic permissions rely on resource providers called Portals and can require user confirmation, e.g. users can grant access to one specific file thanks to the org.freedesktop.portal.FileChooser portal. Dynamic means that users don’t need to trust applications with more resources than is strictly needed.

Here’s an example of one of the many uses of Flatseal. We’ve installed the Flatpak for Tauon, one of the finest open source music players in Linux. If we try to drag albums located on a network share, we get the following error.

Tauon permissions

With Flatseal, we can grant the application access to the directory where our music collection is stored.

Fixing the filesystem
Click image for full size

Summary

Flatseal is an awesome utility. With a simple UI, it lets us review and modify permissions for all our Flatpak applications. We like the fact that the developer isn’t interested in adding features that stray away from the core functionality provided by Flatseal.

Website: github.com/tchx84/Flatseal
Support:
Developer: Martin Abente Lahaye
License: GNU General Public License v3.0

Flatseal is written in JavaScript. Learn JavaScript with our recommended free books and free tutorials.

Pages in this article:
Page 1 – Introduction and Installation
Page 2 – In Operation and Summary

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Please read our FAQ before making a comment.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments