Hi.

On Sun, Apr 07, 2019 at 04:59:41PM +0300, Georgios wrote:
> Thanks for your help!
>
> So flatpak and apparmor are not compatible.

So it seems so far. I haven't looked at bwrap code, it's possible they set some Apparmor policy there (LXC does it, for instance). Or not, considering who wrote flatpak.

> Well what about selinux?

And SELinux is based on filesystem labels. I suppose that it's possible to relabel the contents of /var/lib/flatpak with the custom labels after installs/upgrades (and maybe even do it automatically), and build your policy based on those labels. But I cannot help you here - my SELinux skills are somewhat rusty - it's been nearly ten years since I dealt with SELinux on a daily basis.

> I was thinking of moving from apparmor to selinux sooner or later but I
> already had a working system that I didn't want to mess.
>
> If selinux is supported I guess I should consider making the transition.

I'd be surprised if flatpak did not have such support - the thing's written by Red Hat (go-to guys for SELinux).

Reco