Flatseal should be included in the settings

Like what KDE 5.27 has done, Flatseal should be in the settings so it is easier to manage permissions of Flatpak apps.


Settings is struggling with lack of manpower, besides Flatseal is targeted at technical/power users, and therefore does not align with GNOME Settings’ current direction from my understanding.


In other words, the reason for not including them is that modifying some permissions can break apps.

KDE just implemented that same feature in 5.27.

Okay, this is a problem. Just like Android, having app permissions in settings makes sense.

KDE implemented them, but KDE is not GNOME…

To implement them, I think that (1) they need to be human readable and (2) a system for apps to declare what they support so they don’t get broken is needed.


Flatpak static permissions are intended to be used by developers and testers, not by end users. Exposing this in settings would require rethinking the flatpak security model.

What Flatseal (and now KDE Plasma) does is actually backwards from how it should be exposed to users. Exposing “grant” as a setting is almost certainly going to do the wrong thing. The only setting that makes sense here is “revoke” and then the app needs to have a way to know the permission was revoked so it can show a message telling you to go into settings to grant the permission again. See iOS or Android for how that is supposed to work.


I’m agnostic on “should flatseal be there by default”, but… I think that there is some amount of “should this app be allowed to do that?” which does belong in users’ hands. Many (especially open source) developers care about user privacy, but as Flathub is moving towards marking apps as specially trusted because they are under developer control and adding monetization… maybe that won’t really hold.


The alternative is to work on other portals (regarding files):

  • Neighboring Files (discussion is active);
  • Write On Demand;
  • Share (with other apps, with devices, over the network).

Android, at least, requires user intervention for at least some permissions to be granted — I don’t need to go out of my way to preemptively revoke them. Additionally, it removes permissions automatically from apps that haven’t been used in a while, requiring the app to re-request access from the user.


I think that as systems are going towards an immutable structure, like Silverblue or SUSE MicroOS, even the new Vanilla OS, and elementary OS is planning to implement ABRoot, it is really important for a modern system to have this request for system permissions like storage, camera, microphone and maybe also network permission.

I fear that because users trust their flatpak apps, they’re probably mostly using flatseal to add permissions rather than remove them. That said, this is a good idea IMO.


So suppose an app like VS Code (Flathub—An app store and build service for Linux) that you have installed, and after having all extensions you don’t want it to connect to the internet, so it can’t collect data. Same for many apps, so having that in settings makes sense.

Probably you do not actually want to do that with vscode, that is an example of how to break apps. The extensions are updated pretty frequently so you need to be able to check for updates for them. Also it has an embedded terminal so if you try to use something like pip or npm to build a package from within then that will break too. Instead you may want to look into disabling telemetry or using another distribution of it like VSCodium.

It will still collect data. I trust Microsoft.

Yes, this is a good option, but it does not have support for all extensions.

If you want to use the closed source Microsoft extensions and get updates for them without breaking anything then yes, that is just something you have to accept. You cannot really hack around these issues with proprietary code by changing the sandboxing, that is just the “price” they have decided you must pay for those extensions.
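The grant-versus-revoke distinction raised in this thread can be checked on a real system, shown here as an added example that is not part of any post. It assumes the override keyfile format that `flatpak override` and Flatseal write (a `[Context]` group with semicolon-separated lists, `!` marking a revoked entry); the function names and sample overrides are constructed for illustration.

```python
import configparser

# Keys of the [Context] group that hold semicolon-separated permission
# lists; a leading "!" on an entry marks a revocation.
CONTEXT_KEYS = ("shared", "sockets", "devices", "filesystems", "features")


def classify_override(text):
    """Split a Flatpak override keyfile into (grants, revokes)."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keyfile keys are case-sensitive
    parser.read_string(text)
    grants, revokes = [], []
    if not parser.has_section("Context"):
        return grants, revokes
    for key in CONTEXT_KEYS:
        raw = parser.get("Context", key, fallback="")
        for item in filter(None, (p.strip() for p in raw.split(";"))):
            if item.startswith("!"):
                revokes.append((key, item[1:]))
            else:
                grants.append((key, item))
    return grants, revokes


def widens_sandbox(text):
    """True if the override adds any permission beyond the app's manifest."""
    grants, _ = classify_override(text)
    return bool(grants)


# Constructed samples: one override that only revokes network access,
# and one that grants home directory access while revoking host access.
SAMPLE_REVOKE = "[Context]\nshared=!network;\n"
SAMPLE_GRANT = "[Context]\nfilesystems=home;!host;\nsockets=session-bus;\n"

if __name__ == "__main__":
    for name, sample in (("revoke-only", SAMPLE_REVOKE), ("grant", SAMPLE_GRANT)):
        grants, revokes = classify_override(sample)
        print(name, "grants:", grants, "revokes:", revokes,
              "widens sandbox:", widens_sandbox(sample))
```

Per-user overrides are normally stored under `~/.local/share/flatpak/overrides/`, one file per app ID, so the same function can be run over each file there to list which apps have had their sandbox widened.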
