On Sunday, April 21st, 2024 at 10:06 PM, Solar Designer <so...@openwall.com> wrote:
> In what exact way would nested namespaces bypass the security design of
> Flatpak? Is this about the kernel's attack surface exposed by
> capabilities in a namespace or something else? I guess capabilities are
> also dropped in the nested namespace?

In flatpak, apps in the container communicate with the host through portals[1] using dbus. Portals identify a particular app through its unique appid (i.e. "org.mozilla.firefox" for firefox) and grant some permissions according to that. The appid is read from /.flatpak-info, which exists inside the container and is immutable there.

If namespaces were available inside the sandbox, then a malicious app could leverage a mount namespace to mount a crafted /.flatpak-info containing arbitrary data and lie to the portal about its appid - it could tell the portal that it's org.mozilla.firefox when it isn't.

[1] https://github.com/flatpak/xdg-desktop-portal

Jordan
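The identification step described above, shown as an added illustration (this is not code from flatpak or xdg-desktop-portal): a host-side reader parses the /.flatpak-info keyfile that a sandboxed process sees at the root of its filesystem view and extracts the appid from it. The sample file content is constructed; the `[Application]`/`name` group and key are the ones flatpak writes, the appid syntax check is a simplified reverse-DNS rule, and `/proc/<pid>/root/.flatpak-info` as the path a portal-side consumer reads is an assumption stated in the code.

```python
"""Parse a /.flatpak-info keyfile the way a portal-side consumer would and
validate the application id it carries.

Added illustration; not code from xdg-desktop-portal or flatpak.
"""
import configparser
import os
import re

# Constructed sample in the GKeyFile syntax that /.flatpak-info uses
# (group and key names as flatpak writes them; the values are made up).
SAMPLE_FLATPAK_INFO = """\
[Application]
name=org.mozilla.firefox
runtime=runtime/org.freedesktop.Platform/x86_64/23.08

[Instance]
instance-id=1234567890
"""

# Simplified reverse-DNS syntax for a Flatpak app id (assumption: at least three
# dot-separated elements of letters, digits and underscores, none starting with a digit).
APP_ID_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*){2,}$")


def parse_flatpak_info(text):
    """Return {'app_id': ..., 'runtime': ...} from /.flatpak-info content.

    Raises ValueError on a malformed file so the consumer fails closed instead of
    falling back to some default identity."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keyfile keys are case-sensitive
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        raise ValueError(f"malformed keyfile: {exc}") from exc
    if not parser.has_section("Application"):
        raise ValueError("missing [Application] group")
    app = parser["Application"]
    app_id = app.get("name", "").strip()
    if not APP_ID_RE.match(app_id):
        raise ValueError(f"invalid app id {app_id!r}")
    return {"app_id": app_id, "runtime": app.get("runtime", "").strip()}


def app_id_for_pid(pid):
    """Identify a D-Bus caller by the .flatpak-info at the root of its filesystem view.

    Assumption: /proc/<pid>/root/.flatpak-info is the path a host-side reader uses.
    A process with no such file is treated as an unsandboxed host process (None).
    The returned identity is only as trustworthy as the guarantee that the sandboxed
    process cannot replace that file, which is why mount namespaces must stay
    unavailable inside the sandbox."""
    path = f"/proc/{pid}/root/.flatpak-info"
    try:
        with open(path, encoding="utf-8") as fh:
            return parse_flatpak_info(fh.read())["app_id"]
    except FileNotFoundError:
        return None
    except PermissionError:
        return None  # cannot see the caller's root view; never guess an identity


if __name__ == "__main__":
    print(parse_flatpak_info(SAMPLE_FLATPAK_INFO))
    print("this process:", app_id_for_pid(os.getpid()))
```

Run it on the host and `app_id_for_pid(os.getpid())` returns None because a host process has no /.flatpak-info; the point of the parser failing closed on a missing group or a malformed appid is that a consumer never falls back to a permissive default when the file is absent or unreadable.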