xdg-desktop-portal icon indicating copy to clipboard operation
xdg-desktop-portal copied to clipboard

Published 20 hours ago verified publisher icon flatpak

Non-flatpak sandboxed (firejail) applications cannot access portals

Open WhyNotHugo opened this issue 3 years ago • 2 comments
trafficstars

Non-Flatpak applications cannot access the settings portal. E.g.: Running d-feet with Firejail results in this error:

image

However, in this scenario d-feet is sandboxed but is granted full read-write access to all D-Bus endpoints. It seems that the issue it that the portal itself is assuming that any sandboxed application is a Flatpak application, and ends up calling parse_app_info_from_flatpak_info, which fails in this case since /proc/%u/root is inaccessible to the current user.

WhyNotHugo avatar Mar 18 '22 20:03 WhyNotHugo

It seems that the issue it that the portal itself is assuming that any sandboxed application is a Flatpak application

The portal checks the processes filesystem to see if its a Flatpak. I'd assume handling this specific failure as unsandboxed wouldn't be a security issue but I'm not sure.

TingPing avatar Mar 19 '22 01:03 TingPing

See #741

WhyNotHugo avatar Mar 23 '22 00:03 WhyNotHugo