1 unstable release
0.1.0 | May 21, 2024 |
---|
#806 in Unix APIs
7KB
77 lines
Flatpak Unsandbox
This rust crate allows rust flatpak apps to run themselves outside of the sandbox.
What this crate is not for:
- Getting around restrictions in Flatpak - Flatpak's sandbox is immensely useful to ensure user security, and this crate is not for maliciously skirting around restrictions.
NOTE: you must have the
--talk-name=org.freedesktop.Flatpak
permission enabled and already that is the biggest hole in the sandbox we can make. Use this library with extreme caution.
- Running any regular app that you'd rather not figure out the sandboxing for - Please please please use Flatpak's sandboxing whenever possible.
What this crate is for:
-
Apps that must run on the host, and have no other choice.
-
Apps that need to run a specific part of its functionality on the host
Examples of apps that would need this crate:
-
Apps that modify and use the host's flatpak installations: (for example, Flatrun)
-
Apps that aren't built by the packager, and have otherwise no way to package the app under Flatpak's sandboxing (very rare).
-
Apps that require system services
WARNING: Packaging these apps through flatpak might be a bad idea because we can't ensure dependencies exist on the host system!
Example usage
Run your program unflatpaked
// src/main.rs
fn main() -> Result<(), MyError> {
if flatpak_unsandbox::unsandbox(None)? {
return Ok(())
}
// Unsandboxed functionality here...
}
Run another program unflatpaked
// src/main.rs
fn main() -> Result<(), MyError> {
// Sandboxed functionality
// Ensure this other program ran
if !flatpak_unsandbox::unsandbox(Some(Program::new(
"/libexec/my-agent-program", None)
))? {
return Ok(())
}
// More sandboxed functionality here...
}
Contributing
Not much needs to be updated for this crate, but if there are issues with it, you may submit a bug report or attempt to fix the issue and make a PR!
Dependencies
~7–15MB
~220K SLoC