Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The permission store uses documents st_dev to store permissions but st_dev may be virtual and may not be persistent #1362

Open
lbaudin opened this issue May 20, 2024 · 0 comments
Open

The permission store uses documents st_dev to store permissions but st_dev may be virtual and may not be persistent #1362

lbaudin opened this issue May 20, 2024 · 0 comments
Labels
bug

Comments

@lbaudin
Copy link

lbaudin commented May 20, 2024
edited
Loading

Operating System

Ubuntu, Fedora

XDG Desktop Portal version

1.18

XDG Desktop Portal version (Other)

No response

Desktop Environment

GNOME

Desktop Environment (Other)

No response

Expected Behavior

The permission store should keep permissions of opened (persistent) document. For instance, a recently opened file should be available after several reboots if it has not been deleted (and, of course, if the app asked the permission to be persistent).

Current Behavior

The permission store, according to this page, uses the device id st_dev to store permissions. However, with btrfs (or, I was told, ext4+lvm), the device id is virtual and may not persist with reboots (especially, for instance, in fedora silverblue when an upgrade is carried out).

As a result, permissions are not really persistent and, for instance with Secrets [1], new permissions may be necessary:

Table      Object     App                     Permissions                  Data
background background org.gnome.World.Secrets yes                          0x00
documents  74ae3507   org.gnome.World.Secrets read,write,grant-permissions (b'/home/lucas/test.kdbx', 39, 256, 0)
documents  33679dc0   org.gnome.World.Secrets read,write,grant-permissions (b'/home/lucas/test.kdbx', 61, 256, 0)
documents  76a9a32b   org.gnome.World.Secrets read,write,grant-permissions (b'/home/lucas/test.kdbx', 64, 256, 0)

(see here for more examples)

And something looks definitively wrong in the exposed filesystem:

[📦 org.gnome.World.Secrets ~]$ ls /var/run/user/1000/doc/*

/var/run/user/1000/doc/33679dc0:
'test.kdbx'

/var/run/user/1000/doc/74ae3507:
'test.kdbx'

/var/run/user/1000/doc/76a9a32b:
'test.kdbx'

/var/run/user/1000/doc/c4a70ceb:
[📦 org.gnome.World.Secrets ~]$ ls /var/run/user/1000/doc/*/*
ls: impossible d'accéder à '/var/run/user/1000/doc/33679dc0/test.kdbx': Aucun fichier ou dossier de ce type # Meaning no such file or directory
ls: impossible d'accéder à '/var/run/user/1000/doc/76a9a32b/test.kdbx': Aucun fichier ou dossier de ce type
'/var/run/user/1000/doc/74ae3507/test.kdbx'
[📦 org.gnome.World.Secrets ~]$

[1] Issue here. In this case it breaks the "recent files" menu.

Steps to Reproduce

  1. Select a file with a flatpak app from, for instance, a btrfs subvolume
  2. "Wait some time" (i.e. wait for something that may change the device id, I think it happens with a silverblue upgrade+reboot, but it also happens several times a week in a regular Ubuntu install)
  3. The flatpak app does not have access to the file anymore

Anything else we should know?

If my diagnosis is correct, this is probably not trivial to fix. It also happens with network shares mounted via gvfs. Maybe the mount point should be recalled in the permission store?
@lbaudin lbaudin added the bug label May 20, 2024
@github-project-automation github-project-automation bot moved this to Needs Triage in Triage May 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
Triage
Status: Needs Triage
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lbaudin