Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Request]: What exactly does "Sandbox per bottle" do? #3498

Open
c2630o59v opened this issue Sep 14, 2024 · 1 comment
Open

[Request]: What exactly does "Sandbox per bottle" do? #3498

c2630o59v opened this issue Sep 14, 2024 · 1 comment
Labels
Feature request

Comments

@c2630o59v
Copy link

Tell us the problem or your need

There is no good documentation that I could find about what "Sandbox per bottle" does.

Describe the solution you'd like

I think there should be some documentation about this. I personally would like to know the answer to the following:

  1. Does it prevent read/write access to other bottles and other resources inside the flatpak?
  2. Does it prevent memory access to other running bottles?
  3. Does it fix any x11 vulnurabilities such as hijacking a super user terminal window?

Other solutions?

No response

Additional context and references

No response
@Sturmlocke86
Copy link

Sturmlocke86 commented Nov 1, 2024
edited
Loading

I'm in the same boat as I am trying to decide whether to turn this on or off for enhanced isolation etc. How does it work, what are the pros and cons? Have you been able to find more infos on the subject? @c2630o59v

Edit, found this a few minutes ago: #1158 and #1691

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Sturmlocke86 @c2630o59v