Flatpak 1.12 Released with Better Support for the Steam Linux Runtime Mechanism, More


Alexander Larsson today released Flatpak 1.12 as the newest stable series of this powerful, open-source Linux application sandboxing and distribution framework for modern GNU/Linux distributions.

Flatpak 1.12 comes eight months after Flatpak 1.10 as the new stable series that introduces numerous new features and improvements. Highlights include better support for the Steam Linux Runtime mechanism, allowing Steam to launch games with its own container runtime as /usr.

In fact, this new feature allows any subsandbox to have a different /usr and/or /app. Also new is support for TUI (text-based user interface) programs like GNU Debugger, support for Flatpak instances of the same app-ID to share their /tmp or /dev/shm directories, as well as their $XDG_RUNTIME_DIR.

It also now makes use of the GNU Bison general-purpose parser generator for building parse-datetime.y, improves the error checking mechanism, improves handling of refs that belong to more than one architecture, and improves the error message for the sudo flatpak run command.

Furthermore, Flatpak now lets you specify the Flatpak binary to use during exports, exposes /etc/gai.conf to the sandbox, handles cases where /var/tmp is a symlink, provides information about security support and security vulnerability reporting, and handles missing /etc/ld.so.cache (musl).

Of course, bug and security fixes are also present in this new stable Flatpak series. One of the most important security fixes addresses a vulnerability discovered in the portal support, which allowed an application to create sub-sandboxes that could confuse the portal’s sandboxing verification mechanisms.

Flatpak 1.12 is available for download right now from the project’s GitHub page. Linux OS maintainers are recommended, but not required, to use bubblewrap 0.5.0 when compiling Flatpak.

bubblewrap 0.5.0 brings better diagnostics when a --bind or other bind-mount fails, silences kernel messages for bind-mounts, adds support for mounting a non-directory over an existing non-directory, adds support for creating non-directories with safer permissions, and improves the ability to bind-mount directories on case-insensitive filesystems.

Update: Flatpak 1.12.1 was released shortly after version 1.12.0 to fix a bug where the security fix in the previous release failed when used with some older versions of the libseccomp library that aren’t aware of the new syscalls.

Last updated 2 years ago
