Erick555

This [comment](https://github.com/flatpak/flatpak/issues/4405#issuecomment-917650757) specifically uses `/dev/video*` example. I guess plugging in/out usb webcam isn't something unthinkable. Personally I do /dev filtering with pure bubblewrap (which is what flatpak uses under the...

Seccomp filters are stackable, I think all browsers already use their own tight seccomp filtering on top of what flatpak uses. Any app can do that, you don't need flatpak...

yes, seccomp filtering can be done per process

This issue is about users specifying seccomp filters or app maintainers doing so which isn't possible right now (whether it's really needed it's another question).

Changing default will affect everyone who rely on current behavior - ccache not being enabled. I think default shouldn't be changed.

flatpak 1.14.4 doesn't contain this commit (none flatpak release does yet).

what's the output of: `sysctl user.max_user_namespaces`?

The fix is slightly different than I described. Instead of exporting those variables in environment, they have to be passed as config args for qmake like: `qmake QMAKE_CFLAGS="$CFLAGS" QMAKE_CXXFLAGS="$CXXFLAGS" QMAKE_LFLAGS="$LDFLAGS"`...

@alexlarsson any idea?

There was some discussion about [seccomp perf](https://lore.kernel.org/linux-security-module/[email protected]/T/#u) in lkml not so long time ago you may want to look at.