[systemsettings] [Bug 503901] New: KDE Device Permissions are Confusing and not up to Flatpak spec

Wed, 07 May 2025 18:50:49 -0700 

https://bugs.kde.org/show_bug.cgi?id=503901

            Bug ID: 503901
           Summary: KDE Device Permissions are Confusing and not up to
                    Flatpak spec
    Classification: Applications
           Product: systemsettings
           Version: 6.3.4
          Platform: Fedora RPMs
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: kcm_flatpak
          Assignee: plasma-b...@kde.org
          Reporter: accou...@chapien.net
                CC: joshiesuha...@gmail.com
  Target Milestone: ---

Created attachment 181050
  --> https://bugs.kde.org/attachment.cgi?id=181050&action=edit
Image demonstrating the two settings I am referring to, as well as the spec for
reference.

SUMMARY
According to the [flatpak
spec](https://docs.flatpak.org/en/latest/sandbox-permissions.html), "device
permissions" being checked (ie device=all) implies that *all* devices are
permitted except for hosting dev/shm, which needs to be checked desperately.
This creates a UX issue where a user can have their device access granted to a
flatpak program, and when there's performance issues, go into permissions and
see that "direct graphics rendering" is unchecked. They may then check it, and
then when they continue to have issues, become frustrated as they erroneously
believed access to the GPU was the issue, despite access *already being
granted*. I myself was in this situation, and only learned that device=all
implies device=dri after reading the spec. This is not user friendly. While I'm
unsure if it's a bug per se, I think this is more severe than a simple request;
it is, in my opinion, a critical UX issue.

STEPS TO REPRODUCE
1. Open Flatpak perms
2. Enable device access
3. Check advanced perms

OBSERVED RESULT
With device access checked, "direct graphics" is still "unchecked"

EXPECTED RESULT
There should be some communication to the end user that "device access" implies
access to direct graphics already.

SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 42
KDE Plasma Version: 6.3.4
KDE Frameworks Version: 6.13.0
Qt Version: 6.9.0
Kernel Version: 6.14.5-300.fc42.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 5800X3D 8-Core Processor
Memory: 31.2 GiB of RAM
Graphics Processor: AMD Radeon RX 7800 XT

ADDITIONAL INFORMATION
As I said, this was something that frustrated me for weeks on end. I was unsure
if I needed the direct graphics rendering checked or not, leading to me
assuming I was having graphics issues, etc. I had to find the flatpak
sandboxing spec for myself to see that checking or unchecking direct rendering
when device access is granted is pointless.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to