flatpak / flatpak-docs

Flatpak documentation
https://docs.flatpak.org

[Bug]: Docs incorrectly describe relationship between "host" and "host-os"/"host-etc" permissions #480

Closed mikix closed 3 months ago

mikix commented 3 months ago

Flatpak version

1.14.6

What Linux distribution are you using?

Ubuntu

Linux distribution version

24.04

What architecture are you using?

x86_64

How to reproduce

  1. Go to https://docs.flatpak.org/en/latest/sandbox-permissions.html
  2. Search for host-etc and read all the host* permission descriptions

Expected Behavior

The docs would say that host includes host-etc and host-os, which each turn on specific exposures.

Actual Behavior

Instead, they give the impression that host-etc includes host and that host does not include host-etc. That's the reverse of what's actually the case, afaict from testing and looking at the code.

Additional Information

No response

smcv commented 3 months ago

docs.flatpak.org is https://github.com/flatpak/flatpak-docs/, please could someone with suitable permissions move this issue to that project? [edited: never mind, looks like I can do this myself]

smcv commented 3 months ago

> The docs would say that host includes host-etc and host-os, which each turn on specific exposures.

I confirm that that is how they work, and flatpak-docs is documenting this wrong. flatpak-metadata(5) in https://github.com/flatpak/flatpak describes the situation correctly:

"host: The entire host file system, except for directories that are handled specially by Flatpak. … Additionally, this keyword provides all of the same directories in /run/host as the host-os and host-etc keywords."

So host-os and host-etc are each "less powerful" than host. That's why I added them: I didn't want to have to add the host permission, which is usually a sandbox escape, just to be able to read the host's /etc and /usr.
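The relationship confirmed in this thread, as an added example that is not part of the issue or of Flatpak's own code: a small audit that reads the `filesystems=` key of a Flatpak metadata keyfile and expands `host` into the `host-os` and `host-etc` exposure it carries, so a reviewer can tell narrow grants from full host access. The sample metadata and app IDs are constructed, and the function names are hypothetical.

```python
import configparser

# Per flatpak-metadata(5) as quoted in the thread: "host" also provides the
# /run/host directories of "host-os" and "host-etc", not the other way round.
IMPLIED_BY = {"host": ("host-os", "host-etc")}
HOST_KEYWORDS = ("host", "host-os", "host-etc")
MODES = ("ro", "rw", "create")  # optional ":mode" suffix on an entry

# Constructed sample metadata (hypothetical app IDs).
NARROW = "[Application]\nname=org.example.Viewer\n\n[Context]\nfilesystems=host-etc:ro;xdg-download;\n"
BROAD = "[Application]\nname=org.example.Editor\n\n[Context]\nfilesystems=host;\n"

def parse_filesystems(metadata_text):
    """Return {keyword_or_path: mode_or_None} from [Context] filesystems=."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(metadata_text)
    grants = {}
    for entry in cp.get("Context", "filesystems", fallback="").split(";"):
        entry = entry.strip()
        # Assumption: a "!" prefix marks a removal; skipped in this sketch.
        if not entry or entry.startswith("!"):
            continue
        name, sep, mode = entry.rpartition(":")
        if sep and mode in MODES:
            grants[name] = mode
        else:
            grants[entry] = None
    return grants

def effective_host_access(grants):
    """Map each host* keyword in effect to why it is in effect."""
    effective = {k: "explicit" for k in grants if k in HOST_KEYWORDS}
    for parent, children in IMPLIED_BY.items():
        if parent in grants:
            for child in children:
                effective.setdefault(child, "implied by " + parent)
    return effective

def audit(metadata_text):
    """Summarise host exposure; full_host is the grant worth a closer review."""
    effective = effective_host_access(parse_filesystems(metadata_text))
    return {"effective": effective, "full_host": "host" in effective}

if __name__ == "__main__":
    for label, text in (("narrow", NARROW), ("broad", BROAD)):
        print(label, audit(text))
```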