Simon McVittie
Your screenshot demonstrates that the file chooser, which runs outside the sandbox, can access the filesystem. But, if you try to actually open or save a (harmless, expendable) file while...
Not without altering the app. The entire point of the file chooser portal is that it gives you control over what files the sandboxed app can and can't open, without...
To clarify, the partially-trusted sandboxed app *does not* have access to the full filesystem (unless it's given that access with `--filesystem=host` or similar). It is only the trusted file chooser...
See also https://github.com/flatpak/xdg-desktop-portal-gtk/issues/429
> My kernel has unprivileged user namespaces disabled so I installed bubblewrap suid

Disabled in what way, exactly? There have been several mechanisms for disabling unprivileged creation of user namespaces,...
We've had libsoup support (at least in theory) for the whole 1.15.x cycle, and we're hoping to do a 1.16.x stable branch soon, so I think the time to drop...
I still need to verify that this successfully blocks the syscalls we want to block.
Ugh, this doesn't actually work. `bwrap` only accepts one `--seccomp` argument, and ignores subsequent arguments - so we can only turn these into an allowlist if we *only* have an...
I'm sorry, I don't see a way to make this work without being able to add more than one seccomp program to bwrap. I'm way outside my understanding of libseccomp...
OK, this part I think I *do* understand, if only because I've been researching it as fast as I could...

> One day, libxshmfence decided it was going to start...