Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Non-flatpak sandboxed (firejail) applications cannot access portals #737

Open
WhyNotHugo opened this issue Mar 18, 2022 · 2 comments
Open

Non-flatpak sandboxed (firejail) applications cannot access portals #737

WhyNotHugo opened this issue Mar 18, 2022 · 2 comments
Labels
needs discussion Needs discussion on how to implement or fix the corresponding task unsandboxed This only applies to unsandboxed applications

Comments

@WhyNotHugo
Copy link
Contributor

Non-Flatpak applications cannot access the settings portal. E.g.: Running d-feet with Firejail results in this error:

image

However, in this scenario d-feet is sandboxed but is granted full read-write access to all D-Bus endpoints. It seems that the issue it that the portal itself is assuming that any sandboxed application is a Flatpak application, and ends up calling parse_app_info_from_flatpak_info, which fails in this case since /proc/%u/root is inaccessible to the current user.
@WhyNotHugo WhyNotHugo mentioned this issue Mar 18, 2022
Merged
@WhyNotHugo WhyNotHugo changed the title Non-flatpak sandboxed applications cannot access settings Non-flatpak sandboxed applications cannot access settings portal Mar 18, 2022
@TingPing TingPing changed the title Non-flatpak sandboxed applications cannot access settings portal Non-flatpak sandboxed (firejail) applications cannot access portals Mar 19, 2022
@TingPing
Copy link
Member

TingPing commented Mar 19, 2022
edited
Loading

It seems that the issue it that the portal itself is assuming that any sandboxed application is a Flatpak application

The portal checks the processes filesystem to see if its a Flatpak. I'd assume handling this specific failure as unsandboxed wouldn't be a security issue but I'm not sure.

@rusty-snake rusty-snake mentioned this issue Mar 19, 2022
Open
This was referenced Mar 22, 2022
Closed
Closed
@WhyNotHugo
Copy link
Contributor Author

See #741

@WhyNotHugo WhyNotHugo mentioned this issue Sep 4, 2023
Open
@GeorgesStavracas GeorgesStavracas moved this to Needs Triage in Triage Oct 2, 2023
@GeorgesStavracas GeorgesStavracas mentioned this issue Oct 5, 2023
Closed
@GeorgesStavracas GeorgesStavracas added unsandboxed This only applies to unsandboxed applications needs discussion Needs discussion on how to implement or fix the corresponding task labels Oct 13, 2023
@GeorgesStavracas GeorgesStavracas moved this from Needs Triage to Triaged in Triage Oct 13, 2023
@xi xi mentioned this issue Jun 23, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs discussion Needs discussion on how to implement or fix the corresponding task unsandboxed This only applies to unsandboxed applications
Projects
Triage
Status: Triaged
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow portal access non-flatpak sandboxes
3 participants
@WhyNotHugo @TingPing @GeorgesStavracas