Erick555

This is expected as thunderbird flatpak has [direct access](https://github.com/flathub/org.mozilla.Thunderbird/blob/master/org.mozilla.Thunderbird.json#L27) to ~/Downloads thus it bypass portal for this path.

Do you mean it happens only for `/tmp` and not for any other path? In general portals translate host paths to container paths and the latter are in `/run/user/1000/doc/` and...

> If people want to re-implement sandboxes and integrate with other systems like portals they need to do the work and integrate with it. Does this scale? Is there a...

> What is the alternative? Stop being secure in our security framework? I thought more of defining standard way of connecting sandboxes with the x-d-p which could be used as...

How useful is this change on its own? For example the document portal would be still unusable for non-flatpak apps.

> If a File2 is deleted, File1 is also deleted! Because it's the same file available under two places in different filesystems. The real file resides under xdg-pictures and is...

Running `/usr/lib/xdg-document-portal` automatically at session start outside `systemd --user` service works as well.

> whats the connection between pam_namespace being used and /run/user/1000/doc not existing ? No idea but disabling `pam_namespace` make it work again. I guess there is some fragility in creating...

I can add that I'm using KDE Plasma 5.15.5 session. It fails for both Xorg and Wayland. Interestingly even adding: ``` ExecStart=/usr/lib/xdg-document-portal --verbose Environment=G_MESSAGES_DEBUG=all StandardOutput=file:/home/user/.cache/xdg-doc.log StandardError=inherit ``` to `xdg-document-portal.service` doesn't...

Without pam_namespace (some flatpak app runs): ``` NS TYPE PATH NPROCS PID PPID COMMAND UID USER NETNSID NSFS 4026531840 mnt /proc/1/ns/mnt 150 1 0 /sbin/init 0 root 4026531860 mnt /proc/32/ns/mnt...