Flatpak integration with desktop systems

Sandbox Security

Last year, Flatkill.org [16] caused a sensation for a short time. It tried to demonstrate, in the style of the well-known systemd criticism, that Flatpak is a nightmare when it comes to sandbox security. The critics attacked the way Flatpak handles permissions. However, with a few exceptions, the accusations no longer applied by the time the criticism was published.

The criticism was directed against apps based on GTK2. Applications based on GTK3 and Qt 5 use the previously mentioned portals [17] for D-Bus-based access to the filesystem and other resources, such as printers, from inside the sandbox (Figure 7).

Figure 7: Portals form the interface between the app in the sandbox and the underlying system. They ensure two-way communication via D-Bus and regulate access to resources.
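Portals only mediate access for apps that lack a static grant: an app whose metadata lists `home` or `host` under `filesystems` reaches those files directly. The following audit script is an added example, not part of the original article; it reads the keyfile printed by `flatpak info --show-metadata <app-id>`, and the app ID and metadata in it are constructed.

```python
import configparser

# Constructed sample in the keyfile format printed by
# `flatpak info --show-metadata <app-id>`; the app ID is made up.
SAMPLE_METADATA = """\
[Application]
name=org.example.LegacyEditor
runtime=org.gnome.Platform/x86_64/3.30

[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
devices=all;
filesystems=home;xdg-download:ro;
"""

# Static grants that give direct file access, so no portal mediates it.
BROAD_FILESYSTEMS = {"host", "home"}


def split_list(value):
    """Split a keyfile list such as 'home;xdg-download:ro;' into items."""
    return [item for item in value.split(";") if item]


def audit_context(metadata_text):
    """Return findings for [Context] permissions that weaken the sandbox."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keyfile keys are case-sensitive
    parser.read_string(metadata_text)
    if not parser.has_section("Context"):
        return []  # no static grants: access has to go through portals
    ctx = parser["Context"]
    findings = []
    for entry in split_list(ctx.get("filesystems", fallback="")):
        path, _, mode = entry.partition(":")
        if path in BROAD_FILESYSTEMS:
            access = "read-only" if mode == "ro" else "read-write"
            findings.append(f"filesystems={entry}: {access} access that bypasses portals")
    if "x11" in split_list(ctx.get("sockets", fallback="")):
        findings.append("sockets=x11: X11 does not isolate clients from each other")
    if "all" in split_list(ctx.get("devices", fallback="")):
        findings.append("devices=all: every device node is visible to the app")
    return findings


if __name__ == "__main__":
    for finding in audit_context(SAMPLE_METADATA):
        print(finding)
```

An empty result means the app has none of these static grants and depends on portals for the corresponding access.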

Since the stable version 1.0, Flatpak has seen additional improvements. Noteworthy are support for multiple Nvidia devices, the introduction of the username flatpak, and a custom FUSE filesystem to enhance security in the home context. Flatpak can also handle webcams through the new Screencast portal, which makes use of PipeWire. Overall, Flatpak offers better control over the lifecycle of individual versions and an improved platform for regression testing.

Moving forward, major versions will appear every three months, supplemented by snapshots in between releases. For a deeper understanding of Flatpak's technical background, see Larsson's presentation from the All Systems Go conference in Berlin in September 2018 [18].

The Middle Ground

Flatpak and other alternative systems have found their way into the Linux infrastructure and are not likely to quickly disappear. Each of the approaches received both praise and criticism: Some critics see the demise of Linux coming; some proponents wish that distributions could predominantly consist of Flatpaks or Snaps. Fedora is currently implementing this in the Silverblue project, for example. As is so often the case, the middle ground makes the most sense.

Flatpaks offer advantages – and, depending upon your point of view, also cause disadvantages. The advantages are especially important for stable distributions and LTS versions. While, for reasons of stability, only older versions of software are available on LTS, Flatpak offers users the option of installing current software in a way that does not clash with the version provided by the actual package manager.

If you run several distributions in parallel, you only need to download a Flatpak once to use the software everywhere. Flatpaks are therefore completely independent of the distribution update cycle.

Conclusions and Outlook

Flatpak has arrived on the desktop with varying responses. Developers use Flatpak to serve all distributions with a single package. Fedora is enthusiastic about the new format and sees it as the future of distribution.

An informal survey of friends and family shows that Flatpaks are used moderately by some advocates, with the number of applications rarely exceeding a dozen.

As for the future, Flatpak will only live as long as the desktop does. If the influence of web apps continues to increase, the desktop's function may at some point be mainly to launch the browser. And that would probably be the end of Flatpak.
