On Mon, Sep 8, 2025 at 5:08 PM Justin Forbes <[email protected]> wrote:
> The same way that this change would enable it for everyone... So no, a > completely unprivileged program cannot load a kernel module, but > installing a package can certainly add the ntsync.conf file to load > the module by default on that system. I would certainly prefer some > sort of runtime so it isn't even loaded if it isn't going to be used, > but at the very least let's not load it on any system where there is > no package installed which would use it. > I understand the answer and the concerns, but I'm sad that we don't have a good technical answer for the future where we're heading - installing apps as mostly Flatpaks from a non-Fedora store. Specialized distributions like Bazzite will have such features enabled and will come ahead in out-of-the-box gaming tests. Some knowledgeable users will be able to achieve parity on their Fedora, but the general perception will be clear. If we deem the ntsync module too risky to enable it by default at least on desktops (and not all systems), then the only out-of-the-box solution I see here is if Flatpak apps gained the option to ask the host system for some well-defined "capabilities". And the host could provide those capabilities, if available. I think this could be useful in general, not just for kernel modules, but it would require more Flatpak development and standardization of possible capabilities requests. I think it's a sane idea, but so far I haven't heard of anything like that being in development.
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
