Despite wayland allowing a much tighter security model, the implementation is left to compositors. Here mutter developers have decided just to not care and hide behind the fact that it can be mitigated with flatpak.
Of course, not everybody uses flatpak, and even then the user has no control or visual feedback on what is happening.
There is no value in enforcing stricter policy in mutter if package in question is installed as root (which happens with apt/rpm packages, but non-sandboxed flatpak/snaps too).
There is work needed to make it work, but the first step should be to not have package have root access during installation, or else it could disable any protections on the mutter level.
Observability sounds like a nice feature that you should push for independently.
2 comments
[ 1.7 ms ] story [ 7.0 ms ] threadOf course, not everybody uses flatpak, and even then the user has no control or visual feedback on what is happening.
There is no value in enforcing stricter policy in mutter if package in question is installed as root (which happens with apt/rpm packages, but non-sandboxed flatpak/snaps too).
There is work needed to make it work, but the first step should be to not have package have root access during installation, or else it could disable any protections on the mutter level.
Observability sounds like a nice feature that you should push for independently.