It’s more like android apps from early versions of Android before the permissions became user-managable.
It won’t prompt you to give the application access to certain permissions, all the permissions are predefined in the manifest by whoever published the application to flathub. When you run the application you just hope it won’t cause too much havoc (you can of course verify the permissions before running it, but I guarantee most people won’t)
Flatpak supports sandboxing but due to how most desktop applications want access to your home folder, network etc many apps simply disable it.
Regardless of the level of sandboxing applied to the app, Flatpak is a great way for a developer to package once run anywhere. Prior to Flatpak, if you wanted to support multiple distros, you had to build a package for each distro or hope somebody working on that distro would do it for you.
Inb4 AppImage was here first. And if you mention Snap then GTFO
Appimage is probably the most similar to a naked .exe in Windows. They are useful for small apps or simple indie games, but I prefer Flatpaks for my everyday big applications.
Agreed, Snaps are like Flatpaks but worse because locked down back end and Canonical’s sketchy nature. Imagine a really delicious pastry that anybody can make and sell, then imagine the same pastry but only one bakery in the world can make and sell it. Which would you prefer? Lol
Keep in mind there are certain permissions that can lead to a sandbox escape. These permissions are banned on Flathub but can still be used by flatpaks files and custom repos.
Interesting breakdown, thank you.
Do you happen to know if the containerization is similar to docker containers? Or more like android apps?
It’s more like android apps from early versions of Android before the permissions became user-managable.
It won’t prompt you to give the application access to certain permissions, all the permissions are predefined in the manifest by whoever published the application to flathub. When you run the application you just hope it won’t cause too much havoc (you can of course verify the permissions before running it, but I guarantee most people won’t)
Flatpak supports sandboxing but due to how most desktop applications want access to your home folder, network etc many apps simply disable it.
Regardless of the level of sandboxing applied to the app, Flatpak is a great way for a developer to package once run anywhere. Prior to Flatpak, if you wanted to support multiple distros, you had to build a package for each distro or hope somebody working on that distro would do it for you.
Inb4 AppImage was here first. And if you mention Snap then GTFO
Appimage is probably the most similar to a naked .exe in Windows. They are useful for small apps or simple indie games, but I prefer Flatpaks for my everyday big applications.
Agreed, Snaps are like Flatpaks but worse because locked down back end and Canonical’s sketchy nature. Imagine a really delicious pastry that anybody can make and sell, then imagine the same pastry but only one bakery in the world can make and sell it. Which would you prefer? Lol
Keep in mind there are certain permissions that can lead to a sandbox escape. These permissions are banned on Flathub but can still be used by flatpaks files and custom repos.
I’m not an expert, but from my understanding, more like android apps.
They aren’t totally isolated like a docker or LXC container would be, but they are generally self-contained.
The Linux Experiment has a really great vid that goes into detail on all common packaging formats in Linux including Flatpaks:
Linux Packaging Formats Explained
It used bubblewrap which is kind of like a chroot.