Hi Simon,

Simon McVittie <s...@debian.org> writes:
> Flatpak's approach to this is to use bind-mounts (in a new mount
> namespace set up by bubblewrap) so that the "app" (the leaf package,
> together with any libraries that are bundled with it) always appears
> to be installed in --prefix=/app, which can safely be hard-coded into
> binaries that are built as Flatpak apps.

I can see the use cases for desktop, but this is the restriction of Flatpak for shared HPC servers: not all administrators are willing to grant the users the seccomp and permission for creating new namespaces, and not all administrators will upgrade or recompile kernels to support namespaces.

If /app is not available, it is difficult for a user to override the hardcoded /app of Flatpak into /home/user/app.

In principle, we can create an _appdebian_ by hardcoding /app to every Debian package, not unlike hardcoded /system in Android systems.

Cheers,
Benda