mirror of
https://github.com/flatpak/flatpak.git
synced 2026-03-26 10:54:59 -04:00
b7c1b7e208
The fedora selinux-policy (and therefor also the openSUSE one) has a named file transition that relabels folders in ~/.local/share/ with the type `systemd_home_t` when they are called "systemd". This is unfortunate as this means it will also relabel the directory under `.local/share/flatpak/.*/systemd`, as it matches the directory name. As the systemd filetrans looks valid and it is a shortcoming of SELinux in general, this is the easiest fix that would make the folders below .local/share/flatpak not be labelled incorrectly i would say. Additionally, this will need a fix in the main selinux-policy. What happens if we don't fix it? - Users will have some of the files in .local/share/flatpak pop up when running `restorecon` which might confuse them - At least in regular targeted mode, it will likely not make an impact in the sense that some access gets denied, so it just "looks ugly" Reproducer openSUSE Tumbleweed: ``` $ rm -rf ~/.local/share/flatpak $ flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo $ flatpak install --user flathub org.gnome.Builder $ restorecon -Rvn ~/.local/share/flatpak ... Would relabel /home/<user>/.local/share/flatpak/app/org.gnome.Builder/x86_64/stable/327753f4701dbb9046bfb0c0c9c05b16edea0fbd8df7f368525c461d8d30b5a4/files/lib/systemd from unconfined_u:object_r:systemd_home_t:s0 to unconfined_u:object_r:data_home_t:s0 ... ```
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
See https://flatpak.org/ for more information.
Flatpak is available in the package repositories of most Linux distributions and can be installed from there. See https://flatpak.org/setup/ for quick setup instructions for many distributions.
Community discussion happens in #flatpak:matrix.org, on the mailing list, and on the Flathub Discourse.
Read documentation for Flatpak here.
Contributing
Flatpak welcomes contributions from anyone! Here are some ways you can help:
- Fix one of the issues and submit a PR
- Update flatpak's translations and submit a PR
- Improve flatpak's documentation, hosted at http://docs.flatpak.org and developed over in flatpak-docs
- Find a bug and submit a detailed report including your OS, flatpak version, and the steps to reproduce
- Add your favorite application to Flathub by writing a flatpak-builder manifest and submitting it
- Improve the Flatpak support in your favorite Linux distribution
Hacking
See CONTRIBUTING.md
Related Projects
Here are some notable projects in the Flatpak ecosystem:
- Flatseal: An app for managing permissions of Flatpak apps without using the CLI
- Flat-manager: A tool for managing Flatpak repositories