During guadec someone was asking me how we get flatpak-builder to work inside containers. I can't remember the handle/nickname of who it was, though I do remember the face, but the answer is that we are using a custom seccomp policy that we pass to podman/docker.

Something like this:

--cap-drop all --security-opt seccomp=flatpak.seccomp.json

And the file is here: https://github.com/gnome-infra/ansible/blob/master/roles/gitlab-runner/files/flatpak.seccomp.json
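An added example, not part of this post or of the gnome-infra repository: a small checker that reads a profile in the Docker/podman seccomp JSON schema and reports which syscalls a workload needs that the profile would not allow. The profile below is constructed for illustration and is not the linked flatpak.seccomp.json; the includes/excludes cap handling is an approximation of the runtime's behaviour, and the "needed" syscall list is hypothetical.

```python
import json

# Constructed sample in the Docker/podman seccomp profile schema. It is NOT
# the gnome-infra flatpak.seccomp.json linked above, only the same shape.
SAMPLE_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "openat", "close"], "action": "SCMP_ACT_ALLOW"},
        {"names": ["mount", "pivot_root", "unshare", "clone"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["bpf"], "action": "SCMP_ACT_ALLOW",
         "includes": {"caps": ["CAP_SYS_ADMIN"]}},
        {"names": ["ptrace"], "action": "SCMP_ACT_ERRNO", "errnoRet": 1},
    ],
})


def rule_applies(rule: dict, caps: set[str]) -> bool:
    """Approximation of the includes/excludes cap filters (assumption): a rule
    with includes.caps needs at least one listed cap to be held, and a rule
    with excludes.caps is skipped if any listed cap is held. With
    --cap-drop all (caps empty) every includes.caps rule drops out."""
    inc = set(rule.get("includes", {}).get("caps", []))
    exc = set(rule.get("excludes", {}).get("caps", []))
    if inc and not (inc & caps):
        return False
    if exc & caps:
        return False
    return True


def syscall_action(profile: dict, name: str, caps: set[str]) -> str:
    """First applicable rule naming the syscall wins; else defaultAction.
    Per-rule argument filters are ignored here."""
    for rule in profile.get("syscalls", []):
        if name in rule.get("names", []) and rule_applies(rule, caps):
            return rule["action"]
    return profile["defaultAction"]


def blocked_syscalls(profile_json: str, needed: list[str],
                     caps: set[str] = frozenset()) -> list[str]:
    """Return the syscalls from `needed` that the profile does not allow."""
    profile = json.loads(profile_json)
    return [s for s in needed
            if syscall_action(profile, s, set(caps)) != "SCMP_ACT_ALLOW"]


if __name__ == "__main__":
    # Hypothetical wish list for a namespaced build tool; an empty caps set
    # models --cap-drop all.
    needed = ["mount", "unshare", "pivot_root", "bpf", "ptrace"]
    print("blocked with --cap-drop all:", blocked_syscalls(SAMPLE_PROFILE, needed))
```

Run it against the real profile by loading the JSON file instead of SAMPLE_PROFILE to see which rules are inert once all capabilities are dropped.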

#guadec #guadec2025 #flatpak