should i be worried installing these two? what does it mean though?
(these are captured from Pop! OS software manager)
Flatseal: well that’s normal, it can’t control Flatpak’s access controls if it is itself sandboxed. Even if it was sandboxes, it could just grant itself everything.
For Xournal: it’s probably because it doesn’t support portals or whatever, so it can’t use the open file dialog to get permissions. So it needs to be able to get to your files somehow to open them.
In both cases, it just means its permissions model is more like regular applications you’d get from your package manager. If you install Xournal with apt/dnf/pacman it also won’t be sandboxed.
The point of sandboxing is you can run applications you don’t trust too much, or significantly reduce the blast radius if say, your browser gets breached: then it has another barrier to overcome to reach anything other than the browser’s own data. The lack of sandboxing doesn’t inherently imply the app is evil or will hack you. It just means it doesn’t have the extra protection around it. So like, probably don’t open sketchy PDFs in it, but I wouldn’t stop using the app solely because it lacks sandboxing.
I think the problem with xournal is that it cannot ask a file portal to give it access to two related files at once. “I want to let the user pick foo.pdf.xournal, and also give me access to foo.pdf”. So the next best thing is to give it the “access any damned file” permission, and let Xournal grab whatever it wants. You get the same problem with video players - you could take away their permission to open-any-file, but then they won’t be able to pick up a related subtitle file.
No, you don’t need to be worried. For example, Flatseal is a program to manage other flatpaks. This means that, by design, it needs to be able to grant flatpaks certain permissions that may expose them to system services they need to operate correctly.
One user mentioned that these new warnings aren’t particularly helpful, because they don’t give a good explanation of what or why, and they just foster anxiety in users who just want to install an otherwise reputable flatpak.
I don’t know anything about xournal++, but I would imagine it’s also reputably safe, and somebody else can verify for sure.
Yeah Xournal++ is probably the best hand-written note taking and PDF annotation program available on Linux, it’s pretty well known. The system settings permission is to honor some global settings you might have enabled, and the file system access is so you can save and open stuff from anywhere, I assume.
Sorry for the off topic, what’s the best device to use xournal++ in your opinion? MS Surface? I guess you have used some hand-written note taking apps before since you wrote this, so you’re more experienced than me for sure!
Never owned a Surface, so can’t comment on that, but I’m very happy with my One by Wacom (not to mix with Wacom One :p). It’s fairly cheap as far as these types of tablets go, it’s very responsive (I have 144Hz displays and it’s so nice to use), has a nice sueface roughness, it’s plug-and-play on Linux and has 0 maintenance (no batteries to swap).
What I like with my setup is that, contrary to traditional writing on paper, I can sit properly, looking forward, avoiding some bad neck and back pain I usually get otherwise.
Flatseal’s job is to do that. As for the note app, that’s not great, but you can use flatseal to take away those permissions after installation.
Its a silly default. Might also be to allow people to edit /etc configs with the app since its a basic editor. With enough dummies complaining about “doesn’t work can’t access files in <directory>” the dev may have set that to reduce negative review bloat (seriously look at the flatpak and snap stores and the number of bad reviews due to people not understanding the permissions system).
I would be turning that off immediately until I knew how trustworthy the app was or not installing it, just saying I can see where that default setting might be coming from.
Flatpak could use a permissions prompting api, so a prompt could be displayed to the user when they try to access a file outside the permissions scope, but that’s probably a lot of work to get in place. Maybe something we’ll see in flatpak in a few years.
Until then I think there needs to be some way to point new users to Flatseal and a summary of what these warnings imply and how to grok them.
The first one allows Flatseal to edit the permissions of Flatpak apps including itself.
System folder access allows a app to read the filesystem. (But not system internals)
System settings access allows the app to change settings
So the only concerning one is Xournal. However, I happen to know that it doesn’t support XDG portals which is how apps ask for permissions to files so it needs full file access. As for the system settings I have no idea.
Every app with home or even host access can modify its own permissions.
This is why apps need to implement portals.
