In a normal workstation (or atomic desktop) install, `flatpak install` itself does not require `sudo`. When running under WSL2, this seems to require some permissions that are not granted. I'm not sure if this is a configuration issue that Fedora can fix as part of the user config, or if it is a limitation in how WSL's kernel and/or systemd configuration. Reproducible: Always Steps to Reproduce: 1. sudo flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo 2. flatpak install org.kicad.KiCad Actual Results: $ flatpak install org.kicad.KiCad Looking for matches… F: An error was encountered searching remote ‘fedora’ for ‘org.kicad.KiCad’: Unable to load summary from remote fedora: Flatpak system operation GenerateOciSummary not allowed for user Remotes found with refs similar to ‘org.kicad.KiCad’: 1) ‘flathub’ (system) 2) ‘flathub’ (user) Which do you want to use (0 to abort)? [0-2]: 1 Required runtime for org.kicad.KiCad/x86_64/stable (runtime/org.freedesktop.Sdk/x86_64/24.08) found in remote flathub Do you want to install it? [Y/n]: org.kicad.KiCad permissions: ipc network x11 dri file access [1] [1] home ID Branch Op Remote Download 1. [✗] org.freedesktop.Sdk.Locale 24.08 i flathub 18.6 kB / 385.7 MB 2. [✗] org.freedesktop.Sdk 24.08 i flathub 421.5 MB / 620.3 MB 3. [ ] org.kicad.KiCad.Library.Footprints stable i flathub < 41.4 MB 4. [ ] org.kicad.KiCad.Library.Packages3D stable i flathub < 875.1 MB 5. [ ] org.kicad.KiCad.Library.Symbols stable i flathub < 10.7 MB 6. [ ] org.kicad.KiCad.Library.Templates stable i flathub < 3.0 MB 7. [ ] org.kicad.KiCad.Locale stable i flathub < 57.2 kB (partial) 8. [ ] org.kicad.KiCad stable i flathub < 427.7 MB Warning: Failed to get revokefs-fuse socket from system-helper: Flatpak system operation GetRevokefsFd not allowed for user Warning: Flatpak system operation Deploy not allowed for user Warning: Failed to get revokefs-fuse socket from system-helper: Flatpak system operation GetRevokefsFd not allowed for user Error: Flatpak system operation Deploy not allowed for user error: Failed to install org.freedesktop.Sdk: Flatpak system operation Deploy not allowed for user Expected Results: No errors, should have installed. As a mitigation, you can run `sudo flatpak install` instead and it will be able to install the app. Running the app as a user works with `flatpak run` as usual.
I think this is due to the polkit rules. The rule in /usr/share/polkit-1/rules.d/org.freedesktop.Flatpak.rules has: polkit.addRule(function(action, subject) { if ((action.id == "org.freedesktop.Flatpak.app-install" || action.id == "org.freedesktop.Flatpak.runtime-install"|| action.id == "org.freedesktop.Flatpak.app-uninstall" || action.id == "org.freedesktop.Flatpak.runtime-uninstall" || action.id == "org.freedesktop.Flatpak.modify-repo") && subject.active == true && subject.local == true && subject.isInGroup("wheel")) { return polkit.Result.YES; } return polkit.Result.NOT_HANDLED; }); I dropped some debug logs in the rule and tested it with "pkcheck --action-id "org.freedesktop.Flatpak.app-install" --process $$ -u --enable-internal-agent [Subject pid=260 user='jcline' groups=jcline,wheel seat=null session=null system_unit=null local=false active=false] So the rule doesn't apply because the user is not marked local (true if the seat associated with the subject is local) or active (true if the session is active). This is not an area I'm terribly familiar with so I'm going to have to do some further research on the right way to fix this.
I don't have a windows machine at hand any longer but this is very likely an artifact of WSL not spawning a proper user session through PAM (https://github.com/microsoft/WSL/issues/9213) and thus also not dbus etc (https://github.com/microsoft/WSL/issues/8842)
This message is a reminder that Fedora Linux 42 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '42'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 42 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed.