Share=ipc and Wayland in Linux (Immutable Fedora Silverblue, Fedora Kinoite and others)

Considering that the share=ipc is optional (necessary only for X11), but all flatpaks send it enabled, I ask:

Is it safe to disable share=ipc on all flatpaks when using the Wayland window system on Linux, even in applications that work only with the X11 socket activated?

Is it safe to disable this option in Brave Flatpak?

What are the considerations about increasing privacy in choosing to disable this option in Flatpak apps? (e.g., lower attack surface and lower chance of data leakage between apps?)

You can layer a proper RPM on top of Kinoite and Silverblue so flatpak isnt the recommended for Brave to be installed.

I try to disable everything I can on flatpaks via Flatseal and see what breaks. I start from what sounds least important to most important. If the apps work or has minor issues, I keep it disabled.

3 Likes

I have no knowledge of Linux, but I liked GNOME and KDE, and also how they are private compared to Windows.
I am afraid, but his attitude seems pleasant. I will try this approach.

Thank you!

Since you didn’t disclose what desktop environment you use (or plan to use), it is worth noting that KDE has a built-in permissions manager for Flatpak applications in its System Settings. You still need to install Flatseal for GNOME, as @HauntSanctuary shared.

6 Likes