If I globally disable filesystem access to home (i.e. filesystems=!home;
), and an app declared that it needs home/some-dir
, do I need to explicitly prevent access or do my global settings take precedence?
If I globally disable filesystem access to home (i.e. filesystems=!home;
), and an app declared that it needs home/some-dir
, do I need to explicitly prevent access or do my global settings take precedence?
I don’t know the answer for sure, but think the global settings are like default settings. Each application can have different overrides. Not sure if the following is the correct quote to make, but sounds like this is how it works: https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-override
I assume you know Flatseal (GUI application for Flatpak permissions), right? After installation of a Flatpak app, you can go to the Flatseal settings and make sure to disable access if the application enabled anything you don’t like. I do not think there is an automatic way to force a specific setting for all applications. You have to deal with this per application. But I can be wrong here.
I’m asking global override vs application manifest (not application override). So the app asks for access to
home/some-dir
but I have a global override that blocks access to home entirely.