snapd icon indicating copy to clipboard operation
snapd copied to clipboard
verified publisher icon snapcore

interfaces/desktop: allow DBus communication with colord

Open sergiusens opened this issue 2 years ago • 9 comments

These set of rules allow for color managed applications to communicate with colord, which will be able to tell such applications which ICC profile to load.

This solution in itself is not complete, as it would still require a plug definition for personal files of the following form:

plugs: dot-local-share-icc: interface: personal-files read: - $HOME/.local/share/icc

Thanks for helping us make a better snapd! Have you signed the license agreement and read the contribution guide?

sergiusens avatar Nov 05 '23 09:11 sergiusens

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (5bbdeb8) 78.99% compared to head (7b686b0) 78.88%. Report is 220 commits behind head on master.

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #13353      +/-   ##
==========================================
- Coverage   78.99%   78.88%   -0.12%     
==========================================
  Files        1030     1037       +7     
  Lines      130310   132855    +2545     
==========================================
+ Hits       102940   104801    +1861     
- Misses      20965    21516     +551     
- Partials     6405     6538     +133
Flag Coverage Δ
unittests 78.88% <ø> (-0.12%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov-commenter avatar Nov 05 '23 09:11 codecov-commenter

It also looks like the InstallSystemWide method will copy profiles to /var/lib/colord/icc, so we might want to make that path available in the sandbox too.

jhenstridge avatar Nov 08 '23 09:11 jhenstridge

It also looks like the InstallSystemWide method will copy profiles to /var/lib/colord/icc, so we might want to make that path available in the sandbox too.

can you point me into the right place to add the logic to provide /var/lib/colord/icc?

sergiusens avatar Nov 13 '23 12:11 sergiusens

owner @{HOME}/.local/share/icc r,

this only works if the home interface is connected, correct?

sergiusens avatar Nov 13 '23 12:11 sergiusens

@sergiusens @jhenstridge I am guessing this PR (#13308) also allows communication with colord?

specifically: https://github.com/snapcore/snapd/pull/13308/files#diff-bd855c70cfa352c5da5bd179f2ed75d297be385945d8e0959db52fe7dfa89e8aR403-R414

ZeyadYasser avatar Nov 22 '23 08:11 ZeyadYasser

it seems it does, and compresses some rules on DBus Path, if James confirms, we can certainly close this.

The PR (neither mine) take into account the need for having the icc profile file paths available in the snap (I solved it for myself with personal-files)

On Wed, Nov 22, 2023 at 5:05 AM Zeyad Yasser @.***> wrote:

@sergiusens https://github.com/sergiusens @jhenstridge https://github.com/jhenstridge I am guessing this PR (#13308 https://github.com/snapcore/snapd/pull/13308) also allows communication with colord?

specifically:

https://github.com/snapcore/snapd/pull/13308/files#diff-bd855c70cfa352c5da5bd179f2ed75d297be385945d8e0959db52fe7dfa89e8aR403-R414

— Reply to this email directly, view it on GitHub https://github.com/snapcore/snapd/pull/13353#issuecomment-1822283365, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAIX7ZOEH6WMAY4CW67PAJ3YFWW4XAVCNFSM6AAAAAA66FZ2O6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMRSGI4DGMZWGU . You are receiving this because you were mentioned.Message ID: @.***>

sergiusens avatar Nov 22 '23 12:11 sergiusens

The two PRs don't duplicate each other: one is updating the AppArmor rules on the slot side, and the other on the plug side. My PR being merged won't solve @sergiusens's problem. It may make sense to make the colord access rules as similar as possible though.

owner @{HOME}/.local/share/icc r,

this only works if the home interface is connected, correct?

No. This would work independent of the home interface. Also, the home interface doesn't grant access to ~/.local (since it is a dot file in the base of the user's home directory).

jhenstridge avatar Nov 23 '23 09:11 jhenstridge

On Thu, Nov 23, 2023 at 6:32 AM James Henstridge @.***> wrote:

The two PRs don't duplicate each other: one is updating the AppArmor rules on the slot side, and the other on the plug side. My PR being merged won't solve @sergiusens https://github.com/sergiusens's problem. It may make sense to make the colord access rules as similar as possible though.

Will take your changes as they seem more generic.

owner @{HOME}/.local/share/icc r,

this only works if the home interface is connected, correct?

No. This would work independent of the home interface. Also, the home interface doesn't grant access to ~/.local (since it is a dot file in the base of the user's home directory).

Correct, home will not work, this is why my PR description said that for this to work I created a personal-files rule for the snaps I wanted to use color management. Message ID: @.***>

sergiusens avatar Nov 23 '23 15:11 sergiusens

@sergiusens Could you rebase on top of master and ensure unit tests work?

Meulengracht avatar Feb 21 '24 09:02 Meulengracht

@jhenstridge, would you mind a final pass so we can complete this PR?

ernestl avatar Jun 05 '24 10:06 ernestl