Flatpak 1.0 Released, Could Be the Best Decentralized Linux App Sandboxing Tool

Flatpak 1.0, the Linux app sandboxing tool previously known as XDG-App, has been released as the start of a new stable release series. Flatpak packages GNOME in the main runtime, and is advocated for by at least 16 different Linux distributions.

One of the main differences between Flatpak and similar tools like Snap is that Flatpak is entirely decentralized and not tied to a single store such as the Canonical store. Flatpak also uses a collection of one-shot applications that perform their task and exit, instead of a daemon that runs in the background.

Flatpak is also heavily pioneering the portal design, where all system access is done through a portal application that lives outside of the sandbox, something that Snap seems to be working towards supporting as well.

Flatpak 1.0 delivers faster app installations and updates and performance improvements, as well as the concept of end-of-life apps, permission improvements, and a new portal that allows apps to create sandboxes and restart themselves. Also included are OCI bundle support enhancements, the ability for apps to request host SSH agent access, Bluetooth device access support, and a whole handful of other improvements.

Here is a summary of the most notable changes in this Flatpak 1.0 release:

  • Faster installation and updates.
  • Applications can now be marked as end-of-life. App centers and
    desktops can use this information to warn users who have an end-of-life
    version installed.
  • Permissions now use an up-front verification model: users are
    asked to confirm app permissions at install time, and if an update
    requires additional permissions, the user must confirm those too.
  • A new portal
    allows apps to create sandboxes and restart themselves. This allows
    applications to restart themselves after they have been updated (to
    start using the new version), and to increase sandboxing for parts
    of the application.
  • flatpak-spawn is a new tool for running host commands (if
    permissions allow) and creating new sandboxes from an app (this
    uses the above portal's APIs).
  • Apps can now export D-Bus services for all the D-Bus names they are
    privileged to own (rather than just the application ID).
  • Flatpak’s support for OCI bundles has been updated to the latest
    specification. Also, AppData can now be distributed through OCI
  • Host TLS certificates are now exposed to applications, using
    p11-kit-server. This removes a point of friction when accessing
    network services in some environments.
  • Apps can now request access to the host SSH agent to securely access
    remote servers or Git repositories.
  • A new application permission can be used to grant access to
    Bluetooth devices.
  • A new fallback-x11 permission grants X11 access, but only if the
    user is running in an X11 session. For applications that support
    both Wayland and X11, this can be used to ensure that the app
    doesn’t have unnecessary X11 access while in Wayland, but still
    works in an X11 session.
  • Peer-to-peer installation (via USB sticks or local network) is now
    enabled and supported by default in all builds.

The Flatpak command line also introduces new commands and options, including:

  • uninstall --unused automatically removes unused runtimes and
    extensions (if you’ve removed all apps that depend on a runtime, or
    all the apps you had depending on it have upgraded to a newer
  • New info options, including --show-permissions,
    --file-access, --show-location, --show-runtime, --show-sdk.
  • repair – fixes broken installs by scanning for errors, removing
    invalid objects and reinstalling anything that’s missing.
  • permission-* – allows interaction with the portals permissions
    store. This is useful for testing and for getting back to a clean
  • create-usb – can be used to prepare a repository to be used as a
    local updates source.
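
The permission changes above can be checked per app from the output of the new info --show-permissions option. The script below is an added example, not part of the Flatpak release or the original article: it assumes that output is the [Context] keyfile section Flatpak uses for app metadata, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag permissions named in the Flatpak 1.0 notes in one app's
# `flatpak info --show-permissions` output (keyfile text read from stdin).
audit_permissions() {
    awk -F= '
        /^\[/ { section = $0; next }
        section == "[Context]" && ($1 == "sockets" || $1 == "features") {
            n = split($2, items, ";")
            for (i = 1; i <= n; i++)
                if (items[i] != "") has[$1 ":" items[i]] = 1
        }
        END {
            # Unconditional X11 is unnecessary when the app also supports
            # Wayland and could request fallback-x11 instead.
            if (has["sockets:x11"] && has["sockets:wayland"] && !has["sockets:fallback-x11"])
                print "x11-on-wayland: replace x11 with fallback-x11"
            if (has["sockets:ssh-auth"])
                print "ssh-agent: app can use the host SSH agent"
            if (has["features:bluetooth"])
                print "bluetooth: app can access Bluetooth devices"
        }'
}

# Constructed sample: unconditional X11 plus SSH agent and Bluetooth access.
sample_broad() {
    cat <<'EOF'
[Context]
shared=network;ipc;
sockets=x11;wayland;ssh-auth;
features=bluetooth;
filesystems=home;
EOF
}

# Constructed sample: X11 only as a fallback, nothing else to report.
sample_tight() {
    cat <<'EOF'
[Context]
shared=ipc;
sockets=x11;wayland;fallback-x11;
EOF
}

# Usage: sh audit.sh APP_ID...  (each ID is queried through flatpak)
for app in "$@"; do
    echo "== $app"
    flatpak info --show-permissions "$app" | audit_permissions
done
```

Run with no arguments it does nothing; piping sample_broad into audit_permissions shows all three findings without Flatpak installed.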

Finally, the command line has a collection of other improvements, such as:

  • If --system or --user aren’t specified, one is automatically
    picked if it is obvious (or it will ask if the correct option isn’t
  • The install, update and uninstall commands now ask for
    confirmation of changes before proceeding, in order to prevent
    mistakes, and to show the required application permissions.
  • The uninstall command now does not allow you to remove a runtime
    if some installed application requires it.
  • flatpak remove is now an alias for flatpak uninstall.
  • Flatpak no longer requires a filesystem that supports xattr.
  • Portals are now more cleanly separated from Flatpak, thanks to the
    document portal and permission store having been moved to
    xdg-desktop-portal. It is recommended that the flatpak package has
    a weak dependency on xdg-desktop-portal.
  • libflatpak now has a transaction API for install, update and
    uninstall operations. This means that it is much easier to use as
    the basis of app centers and other graphical app management
  • Flatpak now sets several HTTP headers when installing applications,
    which make it easier for Flatpak repositories to log things like
    app download statistics and Flatpak versions in use.
  • It is now recommended that Flatpak packages add a dependency on
    p11-kit-server, as this allows apps to access host
    certificates. However, this does not need to be a hard dependency.
  • Requires bubblewrap 0.2.1 or later, and comes bundled with 0.3.0.
  • Requires OSTree 2018.7.

Kamil Anwar