Package: geoclue-2.0
Version: 2.5.7-2
Severity: normal

Geoclue's detection of whether something is a flatpak (and hence gets to
be asked for authorization) relies on /proc/<pid>/cgroup parsing. That
changed for cgroup v2 (which is in use on bullseye), misdetecting
flatpaked apps and hence granting access. A possible patch is here:

  https://gitlab.freedesktop.org/geoclue/geoclue/-/merge_requests/81

If I understood things right it has the security implication of allowing
all flatpaked apps access to the location service (which is confirmed by
running `flatpak run org.gnome.Maps` and access is granted to the
location service without asking for user permission).
Cheers,
 -- Guido
 

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf, arm64

Kernel: Linux 5.10.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages geoclue-2.0 depends on:
ii  adduser             3.118
ii  libavahi-client3    0.8-5
ii  libavahi-common3    0.8-5
ii  libavahi-glib1      0.8-5
ii  libc6               2.31-9
ii  libglib2.0-0        2.66.7-1
ii  libjson-glib-1.0-0  1.6.2-1
ii  libmm-glib0         1.14.10-0.1
ii  libnotify4          0.7.9-3
ii  libsoup2.4-1        2.72.0-2

Versions of packages geoclue-2.0 recommends:
ii  avahi-daemon      0.8-5
ii  iio-sensor-proxy  3.0-2
ii  modemmanager      1.14.10-0.1
ii  wpasupplicant     2:2.9.0-20

geoclue-2.0 suggests no packages.

-- Configuration Files:
/etc/geoclue/geoclue.conf changed [not included]

-- no debconf information
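
Added example, not part of the original report and not geoclue's code: a C parser for /proc/<pid>/cgroup showing how a check that reads only the cgroup v1 `name=systemd` line finds no flatpak scope in a cgroup v2 file. The sample file contents, the scope-name prefixes and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples of /proc/<pid>/cgroup (not captured from a real system). */
static const char *SAMPLE_V1 =
    "2:cpu,cpuacct:/user.slice\n"
    "1:name=systemd:/user.slice/user-1000.slice/user@1000.service/flatpak-org.gnome.Maps-4242.scope\n";
static const char *SAMPLE_V2 =
    "0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-flatpak-org.gnome.Maps-4242.scope\n";

/* Assumption: a flatpak scope's last path component starts with one of these. */
static int scope_is_flatpak(const char *path) {
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    return strncmp(base, "flatpak-", 8) == 0 || strncmp(base, "app-flatpak-", 12) == 0;
}

/* Walk "hierarchy-ID:controller-list:path" lines. With accept_v2 == 0 only the
 * v1 "name=systemd" hierarchy is read; otherwise the v2 "0::" line is read too. */
static int looks_like_flatpak(const char *cgroup_text, int accept_v2) {
    char buf[1024];
    const char *line = cgroup_text;
    while (*line) {
        size_t len = strcspn(line, "\n");
        if (len < sizeof buf) {            /* skip over-long lines instead of truncating */
            memcpy(buf, line, len);
            buf[len] = '\0';
            char *ctrl = strchr(buf, ':');
            char *path = ctrl ? strchr(ctrl + 1, ':') : NULL;
            if (path) {
                *ctrl++ = '\0';            /* buf  = hierarchy ID    */
                *path++ = '\0';            /* ctrl = controller list */
                int v1 = strcmp(ctrl, "name=systemd") == 0;
                int v2 = accept_v2 && strcmp(buf, "0") == 0 && *ctrl == '\0';
                if ((v1 || v2) && scope_is_flatpak(path))
                    return 1;
            }
        }
        line += len;
        if (*line == '\n') line++;
    }
    return 0;
}

int main(void) {
    printf("v1 file, v1-only parser: %d\n", looks_like_flatpak(SAMPLE_V1, 0));
    printf("v2 file, v1-only parser: %d\n", looks_like_flatpak(SAMPLE_V2, 0));
    printf("v2 file, v1+v2 parser:   %d\n", looks_like_flatpak(SAMPLE_V2, 1));
    return 0;
}
```

A caller that treats "no flatpak scope found" as "not sandboxed, no authorization prompt needed" fails open on the second case.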
