Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiahz54gzjcnfsumx3cx2yoiyknttv5tw4om44dwxpergr7vhweuwu",
    "uri": "at://did:plc:yrn4rbgwenb6lfhhzjegbtnc/app.bsky.feed.post/3mmd6dawt4ja2"
  },
  "path": "/t/sandboxing-stopped-all-installed-flathub-apps-have-access-to-all-folders-and-files-outside-their-sandbox-what-could-cause-this-challenge/12244#post_2",
  "publishedAt": "2026-05-20T21:48:19.000Z",
  "site": "https://discourse.flathub.org",
  "textContent": "I would assume that the only issue here is an misunderstanding.\n\nYes, an Flatpak can gain default access to selected folders by having a `filesystem` permission set.\n\nHowever, there is a second system to access user files, which is the FileChooser portal. As a very basic explanation: Over the portal, the application tells the system it wants to open or save a user-selected file. The system then shows the user the file picker, outside of the sandbox or control of the application, to pick the file. Then the system grants the application access to only the selected file.\n\nNow, to the user, this process is transparent. Because the assumption is that a user would want an application to have access to a file they selected.\nAnd since the portal access is granted separately over an secure process, it is not governed by the `filesystem` permissions. The application will still only be able to have access to the files you have granted it access to.\n\nSo, based on my reading of your issue, this should be a non-issue.\n\nBut, if you want to confirm the sandbox is really working, here is a quick test you can do:\n\nRun `flatpak run --command=bash org.freedesktop.Platform//25.08`. The Freedesktop runtime has no permissions whatsoever. So, if you then try to use access files from your home using `ls` or `less` or any other command inside the sandbox, it should not even able to know about the files.\nIf that is not the case, then there is an issue. Otherwise, it is likely the misunderstanding mentioned previously.",
  "title": "Sandboxing stopped: All installed Flathub apps have access to all folders and files outside their sandbox. What could cause this challenge?"
}