Bazzite leverages Flatpak to provide a secure, isolated, and sandboxed environment for running desktop applications. This approach enhances stability and security by isolating applications from the core system and from one another. In this document, we expand on the core Flatpak documentation by explaining why Flatpak is used in Bazzite, outlining its advantages, and providing a detailed guide on using Flatseal for application permission management.

Why Use Flatpak in Bazzite?

Flatpak is integrated into Bazzite to address several key needs:

• Sandboxing: Each Flatpak application runs in an isolated environment, reducing the risk of system compromise from application vulnerabilities.
• Dependency Management: Flatpak bundles all required dependencies with the application, ensuring consistency across different systems and minimizing conflicts with system libraries.
• Portability: Applications distributed as Flatpaks can run on any Linux distribution that supports Flatpak, providing greater flexibility and reach.
• Atomic Updates and Rollback Mechanisms: Flatpak supports atomic updates and mechanisms for rollbacks. If an update fails or causes issues, you can revert to a previous, stable state.
• Enhanced Security: By isolating applications, Flatpak minimizes the potential damage a compromised application can cause, safeguarding system resources and data.

Installing and Managing Software with Flatpak

Bazzite includes native support for Flatpak, making it straightforward to install and manage applications.

Adding a Remote Repository

Before installing applications, you must add the appropriate Flatpak remotes. The most common remote is Flathub. To add Flathub as a remote, run:

This command adds Flathub as a remote repository, making its vast library of applications available for installation.

Installing Applications

With the remote added, you can install applications using:

Additionally, many Bazzite systems ship with a Software Center that integrates with Flatpak. The Software Center makes it easy to search for, install, and manage applications with a graphical interface.

Running Installed Applications

Once installed, you can run your Flatpak application in several ways:

• Command Line Interface (CLI): Launch the application using the command:

• Graphical Launcher: Installed Flatpak applications are typically added to your desktop environment's application menu or Software Center. You can launch these applications using the graphical interface.

Updating Applications

To update all installed Flatpak applications, use:

Flatpak downloads and applies updates atomically, meaning that if an update fails, the previous version remains intact. This reinforces the stability and reliability that Bazzite is known for.

Uninstalling Applications and Cleaning Up Orphaned Dependencies

To remove an application, run:

In addition, Flatpak provides a command to remove orphaned dependencies that are no longer needed:

This helps keep your system lean by cleaning up unnecessary files and dependencies.

Understanding and Using Flatseal

Flatseal is a graphical utility designed to inspect and modify the permissions of Flatpak applications. Because Flatpak apps run in a sandbox, they are granted a set of default permissions that may not always meet the user’s needs. Flatseal provides an easy-to-use interface to adjust these settings.

Why Use Flatseal?

• Enhanced Security Management: By default, Flatpak applications have limited access to system resources. Flatseal lets you tailor these permissions, granting additional access when necessary without compromising overall system security.
• Debugging Permissions: Sometimes applications do not work as expected due to overly restrictive permissions. Flatseal can help identify and modify these settings, allowing you to troubleshoot and resolve issues quickly.
• User Empowerment: Flatseal allows users to adjust application permissions on the fly, offering an alternative to waiting for developer updates or changes.

How to Install Flatseal

Flatseal is available as a Flatpak, but note that other installation methods (such as package managers or building from source) are also possible depending on your preference and distribution support. To install Flatseal as a Flatpak, run:

How to Use Flatseal

Once Flatseal is installed, follow these steps to manage your application permissions:

1. Launch Flatseal

Start Flatseal by running:

This opens the Flatseal interface where all installed Flatpak applications are listed.

2. Select an Application

In the left sidebar, select the application you wish to manage. This will display its current permissions and sandbox settings.

When is this needed? Use Flatseal if an application is misbehaving, requires access to additional system resources (such as hardware devices, file systems, or network interfaces), or if you simply wish to audit its permissions.

3. Review and Modify Permissions

The main panel will display various permission categories such as:

• Filesystem: Controls access to specific directories or files.
• Devices: Manages access to hardware like cameras or printers.
• Network: Configures network access permissions.
• D-Bus Interfaces: Grants access to inter-process communication interfaces.

You can toggle permissions on or off and even add new paths or interfaces as needed.

Why modify these permissions? Adjusting permissions can be critical for customizing the behavior of an application. For example, if a media player needs access to your music directory or a development tool requires additional network privileges, Flatseal allows these changes to be made in a controlled and reversible manner.

4. Apply and Test Changes

After adjusting permissions, close Flatseal and restart the affected Flatpak application for changes to take effect. In some cases, a full logout or desktop restart may be required to fully apply the new settings.

Important: Always test changes with caution. Grant only the permissions that are absolutely necessary to minimize security risks.

Summary and Best Practices

• Flatpak is used in Bazzite to provide a secure, isolated environment for desktop applications, ensuring stability, portability, and ease of management.
• The advantages of Flatpak include sandboxing, dependency management, atomic updates with rollback mechanisms, and enhanced security.
• Use flatpak uninstall --unused to clean up orphaned dependencies and keep your system lean.
• Flatseal is a key tool for managing Flatpak permissions. It can be installed via Flatpak, package managers, or from source. Use Flatseal when:
  • An application is not functioning as expected due to restrictive default permissions
  • You need to grant additional access to an application (e.g., filesystem, devices, network)
  • You want to audit and fine-tune the security settings of your Flatpak applications
• Flatpak applications can be launched via the command line, through graphical launchers integrated into your desktop environment, or via a Software Center.
• Always restart applications, and if necessary, log out or restart your desktop, after modifying permissions to ensure changes take effect.

By understanding and leveraging both Flatpak and Flatseal, users of Bazzite can ensure that their applications run in a secure and well-managed environment while retaining the flexibility to tailor permissions as necessary. This comprehensive approach is in line with Bazzite’s commitment to stability, security, and user empowerment.