"AM" 6.12
Better sandboxing method for your AppImages!
Dropping Firejail for "Aisap", Bubblewrap frontend
Since version 5.3 you can use the --sandbox option to run AppImages in a sandbox. From now on, Firejail is dropped in favour of "Aisap", a Bubblewrap frontend for AppImages. The now obsolete --firejail option has been removed as well.
This method works as follows:
am --sandbox $APP
or
appman --sandbox $APP
- if the "aisap" package is not installed, you will be asked if you want to install it via "AM"/AppMan;
- requires replacing the symlink in $PATH with a script;
- to work, the AppImage will be set to "not executable", and the AM-updater will also have its chmod command set to a-x instead of a+x.
The default location for the sandboxed homes is at $HOME/.local/am-sandboxes, but that location can be changed by setting the $SANDBOXDIR env variable.
To restore the use of the AppImage without sandbox, you need to run the application command with the "--disable-sandbox" option:
$APP --disable-sandbox
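One way to check which state an app is in, based on the points above (an added example, not part of AM/AppMan). The launcher and AppImage paths are arguments you supply, the state names are labels chosen here, and "unsandboxed" assumes the original layout of a symlink in $PATH pointing at an executable AppImage:

```shell
#!/bin/sh
# Added example, not AM/AppMan code. Paths are supplied by the caller.

# Directory holding the sandboxed homes; $SANDBOXDIR overrides the default.
sandbox_home() {
    printf '%s\n' "${SANDBOXDIR:-$HOME/.local/am-sandboxes}"
}

# True if any execute bit (user, group or other) is set on FILE.
has_exec_bit() {
    mode=$(ls -ldL -- "$1") || return 1
    case ${mode%% *} in
        *[xst]*) return 0 ;;
        *)       return 1 ;;
    esac
}

# sandbox_state LAUNCHER APPIMAGE
# Prints one of: sandboxed, unsandboxed, inconsistent, missing
sandbox_state() {
    launcher=$1
    appimage=$2
    [ -f "$appimage" ] || { echo missing; return 0; }
    if [ -L "$launcher" ]; then
        kind=symlink            # entry in $PATH still points at the AppImage
    elif [ -f "$launcher" ]; then
        kind=script             # symlink was replaced by a regular file
    else
        echo missing; return 0
    fi
    if has_exec_bit "$appimage"; then xbit=yes; else xbit=no; fi
    case "$kind:$xbit" in
        script:no)   echo sandboxed ;;     # wrapper in place, AppImage is a-x
        symlink:yes) echo unsandboxed ;;   # plain symlink, AppImage is a+x
        *)           echo inconsistent ;;  # e.g. wrapper present but AppImage still a+x
    esac
}

# Stand-alone use: sh check.sh /path/to/launcher /path/to/App.AppImage
if [ "$#" -eq 2 ]; then
    sandbox_state "$1" "$2"
    echo "sandbox homes: $(sandbox_home)"
fi
```

An "inconsistent" result is worth a look after updates: a wrapper script with an AppImage that is still executable means the application can be started directly, without going through the script.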
Scenario: you've installed "Anydesk" and you want it to be sandboxed first, but "Aisap" is not installed, so the new --sandbox option asks whether you want to install it beforehand. In this video I also enable/disable the sandbox for both Anydesk and Lxtask:
simplescreenrecorder-2024-06-15_20.15.46.mkv.mp4
NOTE, "AM" users will need to use the root password to replace the symlink in $PATH with the script, while AppMan users will need to close the terminal for the changes to take effect.
For more information about "Aisap", visit https://github.com/mgord9518/aisap
DISCLAIMER: at the time of writing, "Aisap" is still experimental and the supported profiles are still few compared to the number of applications in this database. For example, in the video above, Lxtask was running in the sandbox, Anydesk was not. So not all apps will run in the sandbox. A tool like Flatseal (which exists for Flatpak) would be needed, but it is not available at the moment. Please support the "Aisap" project as much as you can.
Below are useful links to the official "Aisap" documentation:
- Available profiles are listed at https://github.com/mgord9518/aisap/tree/main/profiles
- To learn more about permissions, see https://github.com/mgord9518/aisap/tree/main/permissions
EXTRA: The behavior of this option can be tested in a completely standalone way by consulting the repository of its creator, at Samueru-sama/aisap-am
Thanks to:
- https://github.com/Samueru-sama/aisap-am by @Samueru-sama for the new --sandbox option
- https://github.com/mgord9518/aisap by @mgord9518 for "Aisap"
Other changes:
- Fix an inconsistency in "install.am" during patching the installation scripts for AppMan e6f1e27
- Fix a bug with suboption --debug and --force-latest in "install.am" ae3266d
- There are now 2034 installation scripts for the x86_64 architecture available in the database
Full Changelog: 6.11...6.12