I really appreciate the GrapheneOS security model with detailed permissions for every app, including internet access.
I’d like to have something similar to that on my main OS. I like to be able to install an app without trusting it. So that I can be more lax with the FOSS projects and the proprietary stuff I use.
I use my PC for gaming, programming and personal stuff. I have been using Fedora for quite some time.
I know that QubesOS exists, and would give me the highest security and privacy guarantees, but i’d prefer something more elegant. I havent tried Qubes in 10 years though 🤔
Am I limited to Flatpak with Flatseal and similar solutions to Flatseal for AppImage?
Edit: I have a ryzen iGPU and a seperate dedicated GPU
To elaborate on this a little, you can use Flatseal to specify which directories a Flatpak app can have access to directly. For example, in a music player that stores the path of your music library, you’d want to use Flatseal to be sure it has direct access to that folder. This is similar to GrapheneOS’s storage scopes.
Aside from that, apps can also call on a file picker that lets you choose any file/folder on your system, and flatpak then creates a virtual path to bridge to that file/folder without exposing the entire rest of the filesystem. This is nice for one-time open/save commands, but doesn’t work for apps that need persistent access to a specific directory like in the music player example. This is similar to Android’s file provider API.
I don’t recall off the top of my head what flatpak apps have access to by default. Some subset of the home folder, I think?
By default, flatpaks have no permissions. All permissions must be manually specified in the manifest file. But if you look at the top apps on Flathub, they tend to have broad filesystem permissions, including home and host. This are pretty bad permissions because it’s insanely easy to escape the sandbox with them since there are no protections against writing to files like .bashrc. Snap at least prevents apps from accessing hidden files for this reason.