I was going to going to ask this question because Steam Flatpak was listed as last being updated May 2023, but they just updated it yesterday. That’s still about 9 month between updates.

In general if I am on rolling release like OpenSuse Tumbleweed is my Steam package and Mesa drivers going to be more up to date then what the Steam Flatpak provides or are they updating the Flatpak and dependencies more frequently then the Discover app is suggesting?

  • mox
    link
    English
    13
    edit-2
    10 months ago

    Components like that come from separate flatpaks (e.g. the Freedesktop Platform) or the Steam runtime (updated by Steam).

    • millionOP
      link
      fedilink
      English
      210 months ago

      Makes sense, I was wondering how that worked when I saw some of those in my list. Is that another layer to the flatpak, like a Docker layer or are Flatpaks allowed out of their sandboxes to talk to other Flatpaks?

      • mox
        link
        English
        6
        edit-2
        10 months ago

        A flatpak can name extensions that are mounted into the running container if they’re installed.

        or are Flatpaks allowed out of their sandboxes

        Be careful when thinking of flatpaks as sandboxes. What they confine is (by default) up to the maintainer of each flatpak, and most of the ones I have audited are very permissive.

        You can mitigate this somewhat by editing the permissions of each flatpak before running it for the first time, with the command line or a GUI like flatseal. But that only goes so far, since some of the permissions are not fine-grained enough to provide meaningful sandboxing while still allowing games to run. (For example, shared memory and network access.) You might also consider creating a second linux account just for games, and logging in to that account’s desktop when installing or running them.

        A Flatpak container is better than nothing, and will probably keep you safe from most programming mistakes, but I wouldn’t consider it a security/privacy sandbox by any means. If you want that, a hypervisor-based virtual machine would be better.