Comment by Flimm

3 days ago

In practice, Flatpak packages have many more permissions than you might expect, and the sandbox feature gives a false sense of security. For example, the Obsidian Flatpak package [0] is given all of the following abilities without explicit permission from the user (the user has to know where to look to find out about them):

- Home folder read/write access

- System folder media

- System folder mnt

- Microphone access and audio playback

- And more...

The Obsidian snap [1] is installed with the --classic flag, which also grants access to the whole home directory, but at least you have to consciously specify the --classic flag to grant this permission.

[0] - https://flathub.org/en/apps/md.obsidian.Obsidian

[1] - https://snapcraft.io/obsidian

fwiw blocking access to anything except my notes folder (and denying internet, among other things) is my very first step when installing Obsidian. Flatseal makes that quite simple.

Flatpak could of course be significantly better... but it's still a massive step in a better direction.
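One way to surface the grants discussed in this thread, as an added example that is not part of either comment: the sketch below parses the keyfile text that `flatpak info --show-permissions <app-id>` prints and lists broad grants together with the matching `flatpak override` arguments. The sample metadata is constructed (not the real Obsidian manifest), and the "broad" policy sets and function names are assumptions.

```python
import configparser

# Constructed sample in the keyfile format printed by
# `flatpak info --show-permissions <app-id>`; not the real Obsidian manifest.
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
devices=dri;
filesystems=home;/media;/mnt;xdg-documents/notes:ro;
"""

# Grants treated as broad for this audit (an assumption; tune to your policy).
BROAD_FS = {"host", "host-os", "host-etc", "home", "/media", "/mnt", "/run/media"}
BROAD = {"shared": {"network"}, "devices": {"all"},
         "sockets": {"pulseaudio", "session-bus", "system-bus"}}

def split_list(value):
    """Keyfile lists are ';'-separated with an optional trailing ';'."""
    return [v.strip() for v in value.split(";") if v.strip()]

def audit(text):
    """Return sorted (key, grant, reason) findings from the [Context] section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    ctx = cp["Context"] if cp.has_section("Context") else {}
    findings = []
    for entry in split_list(ctx.get("filesystems", "")):
        if entry.startswith("!"):  # negated entry: access already removed by an override
            continue
        path, _, mode = entry.partition(":")
        if path.rstrip("/") in BROAD_FS:
            access = "read-only" if mode == "ro" else "read/write"
            findings.append(("filesystems", entry, f"{access} access to {path}"))
    for key, risky in BROAD.items():
        for entry in split_list(ctx.get(key, "")):
            if entry in risky:
                findings.append((key, entry, f"{key} grant '{entry}'"))
    return sorted(findings)

def suggested_overrides(findings):
    """Map findings to `flatpak override` arguments that revoke them."""
    flag = {"filesystems": "--nofilesystem", "shared": "--unshare",
            "sockets": "--nosocket", "devices": "--nodevice"}
    return [f"{flag[k]}={g.partition(':')[0]}" for k, g, _ in findings]

if __name__ == "__main__":
    found = audit(SAMPLE)
    print(*found, sep="\n")
    print("flatpak override --user", *suggested_overrides(found), "<app-id>")
```

To audit an installed app, pass the real output of `flatpak info --show-permissions <app-id>` to `audit()` instead of `SAMPLE`.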