this post was submitted on 10 Feb 2025
49 points (90.2% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
58821 readers
349 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
🏴☠️ Other communities
Torrenting:
- !seedboxes@lemmy.dbzer0.com
- !trackers@lemmy.dbzer0.com
- !qbittorrent@lemmy.dbzer0.com
- !libretorrent@lemmy.dbzer0.com
Gaming:
- !steamdeckpirates@lemmy.dbzer0.com
- !newyuzupiracy@lemmy.dbzer0.com
- !switchpirates@lemmy.dbzer0.com
- !3dspiracy@lemmy.dbzer0.com
- !retropirates@lemmy.dbzer0.com
💰 Please help cover server costs.
![]() |
![]() |
---|---|
Ko-fi | Liberapay |
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Check your flatpak permissions for starters.
Flatpak apps operate more like containers and not a full blown sandbox, unless that has changed recently.
This is an interesting blog post on the subject: https://hanako.codeberg.page/
Also, try
flatpak run org.mozilla.firefox
to see if you can launch a browser manually.Disclaimer: It's been a bit since I have used flatpak, so take that into account. However, I do work in security by trade, so my quick notes may point you in a decent direction at a minimum.
After a quick read over some parts of the article, and looking into the Bottles flatpak manifest, I don't think the sandbox escapes listed apply to Bottles - as long as you are exclusively using Wayland-compatible apps besides your games.
Sadly electron is still a pita, so closing Discord and VSCode while gaming would be necessary (or restrict their host access, which would break sharing files in Discord and many more things in VSCode).
So yes, I sadly have to agree, don't rely on a sandbox, unless your not running X11.
Luckily wine will soon support Wayland, so removing X11 access from Bottles would break this specific sandbox escape. Otherwise I do think flatpak/bubblewrap sandboxing is pretty solid.