Leaflet
- 472 Posts
- 384 Comments
Leaflet@lemmy.worldto Linux@sh.itjust.works•Do AppArmor and Flatpak have any weird interactions?1·2 days agoI don’t fully understand what you mean.
With flatpak, you have the option of installing applications on the system (/var/lib/flatpak) or for a single user (~.local/share/flatpak). And application data for each gets stored in ~/.var/app.
AppArmor should confine the same regardless of which user is running the package. Besides, the flatpak’s main sandboxing comes from bubblewrap. Though the distro’s default AppArmor profiles can further be used to sandbox more stuff.
The battery life is still better than most laptops, but yeah, not as good as MacOS.
It’s meant to be an upgrade over the old system. If both are accessible, that just means they didn’t remove the old code.
Might end up buying a Pixel 9A to make sure that Anubis keeps working on GrapheneOS.
- Xe, the Anubis developer
Leaflet@lemmy.worldto Linux@lemmy.ml•In 2025 Fedora Silverblue has better plug and play than OSX....English5·2 days agoThe touchpad would be very unresponsive for several minutes after waking from sleep. It would still work, but had a crazy latency. Happened in both Windows and Linux.
I believe I could’ve hacked around it with this command.
Leaflet@lemmy.worldto Linux@lemmy.ml•In 2025 Fedora Silverblue has better plug and play than OSX....English14·3 days agoI use Silverblue and MacOS daily, I enjoy the former so much more.
Unfortunately my relatively new Lenovo laptop has a small but also major driver bug that hasn’t been fixed in all the time I’ve had it. Bad to the point I got the Mac to have actual working hardware. But I do not enjoy MacOS in the slightest. At best I can say it harasses you less than Windows and respects the user a few degrees more than Windows.
Leaflet@lemmy.worldto Linux@sh.itjust.works•Do AppArmor and Flatpak have any weird interactions?1·4 days agoIn general, they don’t interfere. The only major issues I’ve seen are with in development versions of Ubuntu, which have a strange habit of breaking flatpak, but it gets fixed before release.
SELinux tends to have more issues.
Leaflet@lemmy.worldto Linux@lemmy.ml•Installing Linux Doesn't Need to Change. The Experience Does.English2·4 days agoThat’s what I’m saying. The OS installer can be super nice and intuitive, but the process of getting to that point, messing with the BIOS, is troublesome.
I know in the past there’s been tools that allowed you to install Linux from within Windows. That would be a great way to work around this problem, though I think there are certain limitations with that approach.
Leaflet@lemmy.worldto Linux@lemmy.ml•Installing Linux Doesn't Need to Change. The Experience Does.English322·5 days agoA person can only specialize in a small number of things.
I’m happy to learn about computers, but when it comes to, say, cars, I have no desire to learn. If I have a car problem, I don’t have the knowledge of how to even look up a problem.
Leaflet@lemmy.worldto Linux@lemmy.ml•Installing Linux Doesn't Need to Change. The Experience Does.English93·5 days agoHonestly I think the bigger barrier is the BIOS. The button to get to the boot menu is different on every motherboard.
Leaflet@lemmy.worldto Linux@lemmy.ml•Removal of Deepin Desktop from openSUSE due to Packaging Policy ViolationEnglish11·9 days agoWasn’t vertical integration, was done by packager.
We don’t believe that the openSUSE Deepin packager acted with bad intent when he implemented the “license agreement” dialog to bypass our whitelisting restrictions. The dialog itself makes the security concerns we have transparent, so this does not happen in a sneaky way, at least not towards users. It was not discussed with us, however, and it violates openSUSE packaging policies.
Leaflet@lemmy.worldto Linux Mint@lemmy.ml•Anyone know why this happens? Drive dismountsEnglish1·10 days agoI get this occasionally. If the directory the drive gets mounted to already exists, it can’t mount it.
Usually this happens if the drive bugs out and improperly dismounts.
Rebooting should get rid of the directory.
Leaflet@lemmy.worldOPto Linux@lemmy.ml•Adopting sudo-rs By Default in Ubuntu 25.10 | and status update on rust coreutils and rust PGPEnglish10·11 days agoNot by default, but you can optionally enable it.
Leaflet@lemmy.worldOPto Linux@lemmy.ml•The Future of Flatpak | Sebastian Wick @ LAS 2025English3·15 days agoAh I had the same issue. JavaFX still uses X11. By default VSCode only lets X11 be used if Wayland is not available (this is the X11 fallback permission). Disabling X11 fallback will let VSCode use Wayland and let JavaFX use X11. I might make an issue for this on the flatpak’s GitHub asking for this change.
Honestly, the truth is that setting up containers for development will always be a hassle. My low tech way is just to make a distrobox container with its own home folder, install an IDE in it, and install packages. The more proper way to do it would create your own containerfile to build your container for developing.
VSCode also has its DevContainers extension but that doesn’t work in VSCodium and does some weird things.
Leaflet@lemmy.worldOPto Linux@lemmy.ml•The Future of Flatpak | Sebastian Wick @ LAS 2025English5·15 days agoFlatpak’s usefulness for programming depends on the IDE and language. IDEs like VSCode largely suck because they are not designed to work in flatpak. But some languages still do work well in them, such as Rust, since Flathub provides the Rust SDK and dependency management is done with cargo. But it sucks for C++, where you typically install dependencies using your system package manager.
IDEs like Gnome Builder are pretty good. It’s designed to work within the flatpak sandbox. Even when running as a flatpak, you can choose to build things using containers or your host system. And of course also build using the Freedesktop runtimes.
I recently setup JavaFX with the flatpak version of VSCodium and have it working pretty well. You first need to install the Java SDK from Flathub, set an env variable to tell VSCode to load the SDK. The more annoying part was JavaFX since it’s not part of the JDK anymore. I just downloaded the JavaFX tar, extracted to a directory called JavaFX, and set $JAVAFX_HOME to point to it. Since VSCode has host filesystem access, it can access it. Few more steps than traditional Linux, sure, but still easier than MacOS and Windows.
Not sure about your database situation though.
Leaflet@lemmy.worldOPto Linux@lemmy.ml•The Future of Flatpak | Sebastian Wick @ LAS 2025English6·15 days agoMajor people of the project had moved on. It’s being maintained, getting security fixes, but pull requests are slow to be merged.
Leaflet@lemmy.worldOPto Linux@lemmy.ml•The Future of Flatpak | Sebastian Wick @ LAS 2025English3·15 days agoThat is planned. But pulse is not secure, so exposing it is not great.
Leaflet@lemmy.worldOPto Linux@lemmy.ml•The Future of Flatpak | Sebastian Wick @ LAS 2025English39·16 days agoDon’t believe so, best that’s currently available is skimming through the video to look at the slides.
Here’s my short summary of the presentation, I tried to denote what’s being worked on (open PR), what’s kinda being done (WIP), and things stuff they’d like to be done in the future (wishlist). May be somewhat wrong.
- Flatpak is stagnant
- Red Hat is working on a better way to preinstall flatpak apps (open PR)
- Flatpak should is slowly moving towards OCI and away from ostree (more tooling available, don’t need to maintain their own tools)
- Better permission handling that is more backwards compatible (open PR)
- Should directly use Pipewire instead of Pulseaudio (WIP)
- Allow user namespaces in flatpak sandbox (WIP)
- Move dbus proxying into dbus brokers (wishlist)
- Improve network sandboxing (wishlist)
- Improve drivers handling, currently drivers need to be built for each runtime, could cause issues if using EOL app on new hardware (wishlist)
- Work on portals directly improves flatpak
Leaflet@lemmy.worldOPto Linux@lemmy.ml•The Future of Flatpak | Sebastian Wick @ LAS 2025English161·16 days agoUnfortunately, it’s not in a great situation. Flatpak is stagnant. There’s a lot of cool things in the works, like a stronger sandbox, preinstalling flatpaks more effectively, etc, but merging things is hard.
Oh I understand now, you’re referring to making AppArmor profiles to target a specific app. I just did a little research and it’s possible to create AppArmor policies for binaries that are in a user’s home folder.
Rather than hardcoding a specific user’s home, you can instead say “@{HOME}”. So you could create a profile for “@{HOME}/.local/share/flatpak/app/appID/current/active/files/bin/binaryName” that would confine the app for all users.