
Thread: Run a flatpak with firejail-like --overlay-tmpfs?

  1. #1
    Join Date
    Jun 2016
    Beans
    2,284
    Distro
    Xubuntu 20.04 Focal Fossa

    Run a flatpak with firejail-like --overlay-tmpfs?

    firejail has a handy option --overlay-tmpfs
    Code:
           --overlay-tmpfs
                  Mount a filesystem overlay on top of the current filesystem. All filesys‐
                  tem modifications are discarded when the sandbox is  closed.  Directories
                  /run,  /tmp  and  /dev are not covered by the overlay.  If the sandbox is
                  started as a regular user, nonewprivs and a default  capabilities  filter
                  are enabled.
    
                  OverlayFS  support  is  required in Linux kernel for this option to work.
                  OverlayFS was officially introduced in Linux kernel version  3.18.   This
                  option is not available on Grsecurity systems.
    I would like to be able to use something like this with some apps I have installed as flatpak. But I can't use firejail for this, because flatpak does its own sandboxing, which is not compatible with being inside a firejail sandbox.

    So does flatpak have its own option like firejail's --overlay-tmpfs? If not, is there any other way to achieve the same effect?
    Xubuntu 20.04/Pop!_OS 21.04/System76 hardware ♦ Debian 10/Xubuntu/VirtualBox
    If your questions are resolved to your satisfaction, please use Thread Tools > "Mark this thread as solved..."

  2. #2
    Join Date
    Jun 2016
    Beans
    2,284
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: Run a flatpak with firejail-like --overlay-tmpfs?

    bump

  3. #3
    Join Date
    Jun 2016
    Beans
    2,284
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: Run a flatpak with firejail-like --overlay-tmpfs?

    bump

  4. #4
    Join Date
    Apr 2014
    Beans
    793

    Re: Run a flatpak with firejail-like --overlay-tmpfs?

    I'm curious what app you are trying to run. Docker may be more appropriate?

  5. #5
    Join Date
    Jun 2016
    Beans
    2,284
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: Run a flatpak with firejail-like --overlay-tmpfs?

    Quote: Originally Posted by Tadaen_Sylvermane
    I'm curious what app you are trying to run.
    I don't have a specific app in mind. Could be any app I have installed as flatpak. In practice it'll probably mostly be various web browsers.

    Docker may be more appropriate?
    Some of the time I'm already working in a disposable VM. I find --overlay-tmpfs to be a helpful layer even there.
    Last edited by halogen2; June 10th, 2021 at 08:57 PM.

  6. #6
    Join Date
    Apr 2014
    Beans
    793

    Re: Run a flatpak with firejail-like --overlay-tmpfs?

    Docker by its nature is immutable. You create an image and it doesn't change. Whatever you do is lost when the container is stopped. There are ways to put browsers into them.

    https://leimao.github.io/blog/Docker...r-GUI-Display/

    I think there are ways to do sound as well but I'm not entirely sure. I know for me I've done Kodi in a docker and piped the pulse audio to a remote pulse server on my lan.

  7. #7
    Join Date
    Jun 2016
    Beans
    2,284
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: Run a flatpak with firejail-like --overlay-tmpfs?

    Just to check: I was under the impression that Docker is VM based. Is this wrong? Would Docker work inside a VirtualBox 6.0.24 VM?

    Can Docker images be set up offline from a host OS that already has everything needed to run the app?

  8. #8
    Join Date
    Apr 2014
    Beans
    793

    Re: Run a flatpak with firejail-like --overlay-tmpfs?

    If you have a local repo when you create the image, yes. It will just run. Look up what a Docker file is. Once it's built via the Docker file you can just run it with a terminal command, which could be put in a .desktop file if you wanted.

  9. #9
    Join Date
    Jun 2016
    Beans
    2,284
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: Run a flatpak with firejail-like --overlay-tmpfs?

    Thanks Tadaen_Sylvermane. I read a little about Docker and it seems I may be actually completely unfamiliar with it and don't understand it at all. I'll need to find time to do a lot more reading about Docker and play with it a bit before getting back to this.
