Skip to content

Commit

Permalink
sandbox-permissions: Document directories that are not available
Browse files Browse the repository at this point in the history
  • Loading branch information
@bbhtt
bbhtt committed May 6, 2024
1 parent 5a4cc49 commit d6b73b0
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions docs/sandbox-permissions.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,22 @@ Other filesystem access guidelines include:
- Retaining and sharing configuration with non-Flatpak installations is to
be avoided.

Additionally the following directories from host need to be explicitly
requested with ``--filesystem`` and are not available with
``home, host, host-os, host-etc`` by default:

- ``~/.var/app`` excpet the app's own subdirectory ``~/.var/app/app-id``
- ``$XDG_DATA_HOME/flatpak``
- ``/boot``
- ``/efi``
- ``/root``
- ``/sys``
- ``/tmp``
- ``/var`` - Note that by default ``/var/{cache, config, data, tmp}``
inside the sandbox are the same as ``~/.var/app/app-id/{cache, config, data, cache/tmp}``.
However an explicit ``--filesystem=/var`` will make only ``/var`` from
host available and those will no longer be available.

Device access
`````````````

Expand Down

0 comments on commit d6b73b0

Please sign in to comment.