Open Stoppedpuma opened 3 weeks ago
@roddhjav Is the goal for flatpak applications to be supported or just more of a "if it works, it works" type of thing?
Dam, I need to test steam over flatpak much more. Meanwhile I recognize some log as I have done something similar for the steam profile.
No, flatpak app are fully supported. It is even a full requirement of this project because on a long term basis, more an more applications will run inside flatpak (or similar). The flatpak-app
profile has been extensively tested, and works fine for most (more classic) program. Meanwhile, it is hard to write the flatpak-app
profile is a way that is both meaningful in term of security and is compatible with any flatpak app.
NB: You will also have to set user_games_dirs
to /mnt/ss-zpool/SteamLibrary
in your local tunable
It might be a good idea to separate flatpak-app into two different profiles such as flatpak-app and flatpak-app-strict. flatpak-app-strict is meant to be locked down and uses the case above where "if it works, it works" type of things where-as the more relaxed flatpak-app has better support for the odd app? I would say it might be worth doing if changes to flatpak-app weaken security too much.
That is not possible because there is no way to select profile to use. (it would be flatpak work to do on they own side, it is out of scope of flatpak)
@roddhjav Unrelated to flatpak but I have a question, installing apparmor.d seems to break waydroid without leaving any denial logs? Closest I get to a log is the errors from my terminal when starting waydroid:
[gbinder] ERROR: Can't open /dev/binder: No such file or directory
Failed to add presence handler: None
How would I go about debugging this?
This is probably going to be a headache to support.
Additional stuff from when the profile is in complain mode: