[kwlug-disc] linux distro ... -> sandboxed runtimes

Doug Moen doug at moens.org
Tue Oct 21 12:17:07 EDT 2025 

On my Linux desktop systems, I use flatpak instead of snap.
The main difference, from my perspective, is that flatpak puts the user in control of their experience, and puts the developer in control of what they ship, while with snap, Canonical is in control.

I can add or remove sandbox permissions from a flatpak using "flatpak override ...".

My phone runs GrapheneOS. Graphene has a richer set of sandbox permissions than Android (eg, you can deny network access). As a user, I can add or remove permissions from my apps.

For me, flatpak and GrapheneOS are the best available solutions (for desktop and mobile) of the problem that Mikalai describes.

For desktop browsers, I have replaced Firefox with LibreWolf, and I have replaced Chrome and Chromium with Ungoogled Chromium. Both provide superior security, privacy and control. Of the two, I like LibreWolf better, but I like to have multiple browsers based on different engines. For me, LibreWolf takes the GrapheneOS attention to detail for security, privacy and user control, and applies those values to a desktop web browser.

https://librewolf.net/

Mikalai talks about curated and trusted app stores. The important thing is that you should have a choice, rather than the corporation that owns the platform having total control.

On Kinoite, the flatpak app store defaults to a selection of apps that are endorsed by the Fedora project. There is a button for adding Flathub as an additional source, and Flathub is more of a free-for-all. The flatpak ecosystem was designed to support multiple app stores, and I'm already subscribed to two of them on Kinoite.

On Android, I do not trust the Google Play Store and I won't use it. I get most of my apps from the F-Droid official repo, because I consider them to be the most trustworthy. The F-Droid client permits you to add additional repos curated by other people with different priorities, and I have added some additional repos for a handful of the apps I've installed.

Doug.

----- Original message -----
From: Mikalai Birukou via kwlug-disc <kwlug-disc at kwlug.org>
To: kwlug-disc at kwlug.org
Cc: Mikalai Birukou <mb at 3nsoft.com>
Subject: Re: [kwlug-disc] linux distro ... -> sandboxed runtimes
Date: Tuesday, October 21, 2025 2:08 PM

There is an important aspect with sandboxed runtimes. Sandbox doesn't 
allow program to "do anything", requiring permissions, ... but who 
should be passing a judgement call: "Big Store" or a "little user/me".

Context quote:

> My own personal experience with Snap as a developer is such that I won't allow Snap on any of my machines. When I was working on the Curv open source project, a contributor created a snap package for Curv. I tested it, and it didn't work on my machine due to a sandboxing problem. But Blender, another 3D modelling program, did work on my machine in snap form. The difference was in the sandboxing parameters. I asked the contributor to use the same sandboxing parameters for the Curv snap as was used by the Blender snap. The answer was: this is impossible, because Canonical would not accept the Curv snap with those parameters, and therefore it was impossible to distribute the snap. Only Canonical had the power to allow Curv to run correctly, and the Curv project did not have the same level of political power as the Blender project, so we were out of luck.

Let's replace: snap -> Android Google Play store, parameters for Curv -> 
permission to use camera, -- and we would get a similar situation where 
another "Big Store" makes decision on behalf of users, ... to protect, 
of course, ... while removing any freedom from users, by removing 
competition.

Argument would then go, "how could little user/me" know?

Let me come back to short discussion at our October meeting:
- many of these systems with sandboxed runtimes for apps have explicit 
permissions parameters, in manifests.
- tools can be made to analyze relationships and give "little user" 
actionable suggestions. Information is there, in every user's system.
- such tools where not observed, even by those who are tasked with 
making information security judgements.

What if there is a meaningful help to "little user" for making 
permissions? Then the "free world" stops being a synonym with "dangerous 
world".
What if it is a "middle user", organization's admin? Then we can have 
secure organization context without giving all controls to "Big Co's", 
with their tendencies.

Note that browsers are also similar sandboxed runtimes, and many learn 
phrase "User Agent" first in browser context. Hence, experience with 
browsers is also relevant here.



_______________________________________________
kwlug-disc mailing list
To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
with the subject "unsubscribe", or email
kwlug-disc-owner at kwlug.org to contact a human being.

More information about the kwlug-disc mailing list