solution for noexec /tmp
Hi
A few users of Tutanota are having difficulties with running the app because their TMPDIR is noexec. Running with TMPDIR=$XDG_RUNTIME_DIR helps but we have no way of configuring that.
https://github.com/tutao/tutanota/issues/1618
What is the preferred way of solving this? It seems like there's no big difference between TMPDIR and XDG_RUNTIME_DIR security-wise but people still do this.
Thanks.
Which kind of system has /tmp mounted as noexec?
Looks like TMPDIR=$XDG_RUNTIME_DIR /path/to/appimage is an acceptable workaround.
Which makes me wonder whether we should be using it as the default.
cc @TheAssassin
@probonopd well this is another case of you making assumptions on systems. You can never know. Many systems even mount a tmpfs there.
We should consider mounting AppImages somewhere in $HOME or /var/run/<uid> in the next type.
I don't know which systems.
TMPDIR is "half-standard" afaik. XDG_RUNTIME_DIR may also be missing but it's required to have certain properties (and it is exactly /var/run/uid from what I've seen).
> The directory MUST be owned by the user, and he MUST be the only one having read and write access to it. Its Unix access mode MUST be 0700.
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html#variables
> We should consider mounting AppImages somewhere in $HOME
Isn't /media/$USER meant for that? I need to read up on this.
> or /var/run/
We don't have write rights there, do we?
> in the next type
This doesn't need a type change as it is a mere implementation detail of the runtime not covered by the AppImage format spec.
> We don't have write rights there, do we?
Most systems create a subdirectory with your user ID there which you can do stuff in. For instance, appimagelauncherfs's mount point is created there.
Let's consider making a change only once we can at least reproduce the issue. For this we need to know a Live ISO where the issue can be reproduced.
@charlag please provide a list of steps to reproduce this issue in a standardized environment (e.g., a live ISO environment in a VM).
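The two conditions discussed in this thread (a temp directory on a `noexec` mount, and the basedir-spec properties of `XDG_RUNTIME_DIR`) can be checked with a short script. This is an added example, not code from the AppImage runtime or from any participant; the function names are hypothetical, the mount table is constructed, and it assumes Linux `/proc/mounts` and a `stat` that supports `-c`.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,mode=700,uid=1000 0 0'

# mount_opts PATH [MOUNTS_TEXT]: print the options of the mount holding PATH,
# i.e. the longest mount point that prefixes PATH on a component boundary.
# A later entry for the same mount point wins (over-mounts). Defaults to /proc/mounts.
mount_opts() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }'
}

# is_noexec PATH [MOUNTS_TEXT]: succeed if PATH sits on a noexec mount.
is_noexec() {
    case ",$(mount_opts "$@")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# runtime_dir_ok DIR: the basedir-spec properties quoted in the thread:
# a directory owned by the current user with access mode 0700.
runtime_dir_ok() {
    [ -d "$1" ] || return 1
    [ "$(stat -c '%u %a' "$1")" = "$(id -u) 700" ]
}

# pick_exec_dir [MOUNTS_TEXT]: print the first candidate that exists and is
# not noexec. XDG_RUNTIME_DIR is accepted only if it passes runtime_dir_ok.
pick_exec_dir() {
    for d in "${TMPDIR:-/tmp}" "$XDG_RUNTIME_DIR"; do
        [ -n "$d" ] && [ -d "$d" ] || continue
        is_noexec "$d" "$1" && continue
        if [ "$d" = "$XDG_RUNTIME_DIR" ] && ! runtime_dir_ok "$d"; then continue; fi
        printf '%s\n' "$d"; return 0
    done
    return 1
}
```

Running `mount_opts "${TMPDIR:-/tmp}"` on an affected machine shows whether `noexec` is set, which is the detail a reproduction report needs.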