mirror of
https://github.com/flatpak/flatpak.git
synced 2026-03-26 02:45:15 -04:00
b93b58a44e
This adds a new type that is meant to track more complex permissions than a pure bitmask, including conditional dependencies. It is not yet used, but it will be used for at least the socket and device permissions. For each possible permission we track whether the permission is unconditionally allowed, unconditionally disallowed, or if it is conditionally allowed (allowed if some conditions are met). Additionally we track for each permission whether stacking the context on top of another will reset permissions in the layer below. This is a new feature, because previously merging layers *always* overrode the value from below, whereas conditional permissions can either stack on top of, or replace the underlying layer. In terms of the keyfile, there are 4 possible types of layers: 1) Add a permission, removes all partial permissions below socket=pipewire 2) Remove access, removes both partial and full permissions below socket=!pipewire 3) Adds a partial permission, keeping whatever is already there: socket=pipewire;pipewire:if:has-wayland Note: This adds a plain `pipewire` for backwards compat. Note: If parent has full pipewire access, this is a no-op. 4) Adds a partial permission, remove all previous access socket=!pipewire;pipewire;pipewire:if:has-wayland Note: This seems weird as it has both !pipewire and pipewire, but older versions will read these in order and get the right result. Additionally, partial permissions can have multiple conditions: socket=pipewire;pipewire:if:has-something;pipewire:if:has-other; In such a case the socket will be accessible if any condition matches. Conditions can also be negated: socket=pipewire;pipewire:if:!has-something; Due to backwards compatibility we have to add the non-conditional permission as well as the conditional, as older flatpak will ignore the conditional. This is handle when serializing/deserializing the permissions, and internally we don't have to care about this.
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
See https://flatpak.org/ for more information.
Flatpak is available in the package repositories of most Linux distributions and can be installed from there. See https://flatpak.org/setup/ for quick setup instructions for many distributions.
Community discussion happens in #flatpak:matrix.org, on the mailing list, and on the Flathub Discourse.
Read documentation for Flatpak here.
Contributing
Flatpak welcomes contributions from anyone! Here are some ways you can help:
- Fix one of the issues and submit a PR
- Update flatpak's translations and submit a PR
- Improve flatpak's documentation, hosted at http://docs.flatpak.org and developed over in flatpak-docs
- Find a bug and submit a detailed report including your OS, flatpak version, and the steps to reproduce
- Add your favorite application to Flathub by writing a flatpak-builder manifest and submitting it
- Improve the Flatpak support in your favorite Linux distribution
Hacking
See CONTRIBUTING.md
Related Projects
Here are some notable projects in the Flatpak ecosystem:
- Flatseal: An app for managing permissions of Flatpak apps without using the CLI
- Flat-manager: A tool for managing Flatpak repositories