this post was submitted on 10 Dec 2023
linux4noobs
Flatpak is by design more secure - not less. Not everything runs in a flatpak anyway thanks to distrobox, podman, and rpm-ostree.
My GPU issues were related to the host as well, as the GPU drivers quit working there too. It refused to load the correct kernel module. I have since found immutable OSes with Nvidia support OOB. I haven't tried any on that machine yet but am playing with one on my desktop.
I agree that by design Flatpak aims to provide a secure environment through sandboxing; in practice, the implementation has gaps that can lead to security risks, particularly when apps are granted extensive filesystem access. This can undermine the effectiveness of the sandbox and potentially expose systems to vulnerabilities. HOWEVER, being on an immutable system, these risks are mitigated to some degree.
I'm particularly hopeful for Flatpak's promise of fine-grained permissions. Flatpak is developing a fine-grained permission system with portals for external interactions, BUT this system relies on integration with toolkits like GTK, rather than app-specific APIs, complicating its implementation. There is more info in the linked article in the previous post, and here it is again.
Admittedly I'm not familiar with distrobox, but my caution is for any approach that distributes containerized programs with their own runtimes; they proved to be a real headache on my "mutable" system and my Nvidia GPU until I switched to a rolling OS.
I'm glad you found some candidates to potentially resolve your issue. What distro did you end up using? I'm curious to give it a go next chance I have some free time. Cheers.
Bazzite - it's part of the ublue family derived from Fedora but with extras including extra drivers.
Edit: you also get some immutable distros that don't need flatpaks like NixOS and Guix. They are much more difficult to work with though.
cool thanks.
Well, I'm glad to hear these things are being worked on and worked out.
Yeah, it seems to work well on my desktop with an AMD card. They have a variant for Asus laptops with Nvidia GPUs, so hopefully it will be easy to set up if I go that route. For now I am keeping Pop!_OS on my laptop as it seems fairly useful.
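The point raised in the thread about apps being granted extensive filesystem access can be checked per app. The following is an added example, not code from any commenter or from the Flatpak project: it parses the `[Context]` section of a Flatpak metadata keyfile and reports grants that expose the whole home directory or host filesystem. The app ID and metadata text are constructed sample input, and the function name is hypothetical.

```python
import configparser

# Filesystem grants that expose most or all of the user's data to the app.
BROAD = {"host", "host-os", "host-etc", "home"}

# Constructed sample metadata (hypothetical app, not a real package).
SAMPLE_METADATA = """\
[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=xdg-download;home:ro;host;
"""

def broad_filesystem_grants(metadata_text):
    """Return sorted broad filesystem grants found in Flatpak metadata text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep key names case-sensitive
    cp.read_string(metadata_text)
    raw = cp.get("Context", "filesystems", fallback="")
    found = []
    for entry in raw.split(";"):
        entry = entry.strip()
        # Entries starting with "!" revoke access (seen in override files).
        if not entry or entry.startswith("!"):
            continue
        # An optional ":ro", ":rw" or ":create" suffix sets the access mode;
        # with no suffix the grant is read-write.
        path, _, mode = entry.partition(":")
        if path.rstrip("/") in BROAD:
            found.append(f"{path.rstrip('/')} ({mode or 'rw'})")
    return sorted(found)

if __name__ == "__main__":
    for grant in broad_filesystem_grants(SAMPLE_METADATA):
        print("broad filesystem grant:", grant)
```

On a real system the metadata text for an installed app can be obtained with `flatpak info --show-metadata <app-id>` and passed to the function.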