Flatpak apps (apps you install via Flathub): they don’t behave quite like “normal” Linux apps. That’s because they run in sandboxes. There are little isolated containers that don’t automatically get access to the rest of your system. This sandboxing is one of the main features of Flatpak, and it’s good for security, but it can also be a bit confusing or annoying if you’re not expecting it.
If you’ve used something like Docker Containers, it’s kind of a similar idea: the app runs inside a restricted environment and only sees what you let it see. Unlike Docker though, Flatpak is designed for desktop apps, things with UIs, file pickers, notifications, etc.
The goal here is to keep apps from being able to mess with parts of your system they don’t need to. But it also means you sometimes have to manually tell an app “yes, you can access this folder,” or “yes, I do want you to use the webcam.”
Flathub Perms Issue
So I ran into this when I installed Discord via Flathub. Discord couldn’t see my full Home folder. I couldn’t upload files from certain directories etc. You can read more about it in this seperate article that I wrote about using Discord on Linux. Turns out this is a known issue with Discord on Flathub, and it’s actually not a Discord bug, it’s how Flatpak sandboxing works. By default, apps don’t get access to your entire file system. They get some safe directories like ~/Downloads, but that’s about it.
Got it. Here’s the completed Flathub Permissions article with your specified structure and writing style—practical, slightly casual, and informative. The section you wrote comes in as a part of the article, but not the intro. I’ve continued from there, keeping the focus on Flathub and Flatpak permissions in general.
The Flatpak Permission Model
Here’s a quick breakdown of how permissions typically work:
- Filesystem Access: Most apps get access to
~/Downloadsand not much else. Apps can request access to more (like all of~/), but even then it might not be enough if you’re dealing with a restricted app or a custom setup. - Network Access: Enabled by default unless the app disables it.
- Device Access: Things like USB, webcams, microphones—none of that is available unless it’s been granted.
- Portals: Flatpak uses something called Portals to allow apps to ask for access to things through your GUI. So, instead of just browsing your files, an app might trigger a file picker.
This is very security focused. Apps can’t just dig through your files, spy on your camera, or access random parts of your system.
Managing Permissions
There are two ways to change or check what an app can access:
1. CLI: flatpak override
You can manually override permissions. For example:
flatpak override --user --filesystem=home com.example.AppThis gives the app full access to your home directory. There are more fine-tuned options too—like giving access to just one folder:
flatpak override --user --filesystem=/path/to/folder com.example.AppYou can remove overrides too:
flatpak override --user --reset com.example.App2. GUI: Flatseal
If you don’t want to mess with the terminal every time, just install Flatseal:
flatpak install flathub com.github.tchx84.FlatsealIt gives you a graphical interface to see and edit permissions per app. Super helpful for figuring out what’s going on when an app acts weird.