Skip to content
This repository was archived by the owner on Jun 7, 2026. It is now read-only.
This repository was archived by the owner on Jun 7, 2026. It is now read-only.

Phase 8: sandboxed-app identity (Flatpak/firejail/bwrap) #35

Description

@timkicker

Sprint D's identity resolver assumes /proc/{pid}/exe points at the actual app binary. For sandboxed processes (Flatpak, firejail, bwrap) it points at the sandbox wrapper, not the real binary. Identity resolution silently mis-routes such apps as UnknownBinary or system.

Needs: detect sandbox wrapper (e.g. bwrap, flatpak-bwrap), drill down to the contained-app binary path via /proc/{pid}/cwd or sandbox-specific introspection, map to app_id.

Phase 8 work since first-party apps come first; defer until Flatpak-installed third-party apps are real.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions