
Reduce Multiplex permissions #12

Open
sonnyp opened this issue Feb 20, 2024 · 1 comment
Labels: enhancement (New feature or request)

Comments
sonnyp commented Feb 20, 2024

Follow up to https://floss.social/@[email protected]/111966298529562604
See https://flathub.org/apps/com.pojtinger.felicitas.Multiplex

I'm pretty sure we can get from "potentially unsafe" to "probably safe". We don't do a lot of advocacy around this topic, so if we succeed I'd love to publish a blog post on the Flathub blog.

Here are some quick suggestions - not sure how realistic:

  • Network access: no choice for now until we get a network portal (Network permission portal, flatpak/xdg-desktop-portal#1166)
  • Arbitrary permission: whatever you spawn, do it in the sandbox
  • Download Folder read/write access: instead ask users where they want to save files (one time is fine, document portal entries are permanent)
  • System folder /tmp: there is a $TMPDIR in the sandbox
  • Video folder: same as download folder - use document portal

Flathub: (screenshot of the app's permission summary)

GNOME Software: (screenshot of the app's permission summary)
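As an added illustration (not Multiplex's own manifest, which this issue does not show), here is a constructed Flatpak manifest fragment that maps each permission category in the list above to the `finish-args` entry that typically produces it on Flathub, followed by the tightened set the suggestions point to. The app-id, command and version values are placeholders, and the badge-to-flag mapping reflects how Flathub reports permissions in general, not an inspection of the app.

```yaml
# Constructed example: a Flatpak manifest fragment showing the five permission
# categories from the issue and the tightened set the suggestions describe.
# This is NOT the Multiplex manifest; app-id, command and versions are placeholders.

# --- Before: the set that earns a "potentially unsafe" rating ---
app-id: com.example.PlaceholderApp      # placeholder, not the real app-id
runtime: org.gnome.Platform
runtime-version: '45'                   # placeholder version
sdk: org.gnome.Sdk
command: placeholder-app
finish-args:
  - --share=network                     # "Network access": unavoidable until a network portal exists
  - --talk-name=org.freedesktop.Flatpak # "Arbitrary permissions": allows flatpak-spawn --host,
                                        #   i.e. running commands outside the sandbox
  - --filesystem=xdg-download           # "Download folder read/write access"
  - --filesystem=/tmp                   # "System folder /tmp"
  - --filesystem=xdg-videos             # "Video folder read/write access"

---
# --- After: same app, with the static grants replaced by portal use ---
app-id: com.example.PlaceholderApp
runtime: org.gnome.Platform
runtime-version: '45'
sdk: org.gnome.Sdk
command: placeholder-app
finish-args:
  - --share=network
  # org.freedesktop.Flatpak removed: anything the app spawns (e.g. a media player)
  #   now runs inside this sandbox instead of being launched on the host.
  # xdg-download and xdg-videos removed: the app asks the user for a location via the
  #   file chooser portal; the chosen path is handed back through the document portal
  #   (under /run/user/<uid>/doc/) and can be kept persistent, so asking once is enough.
  # /tmp removed: scratch files go to $TMPDIR, which already points inside the sandbox.
```

The second document lists only `--share=network` because every other grant in the first document is something the portals can hand out per user decision at run time; the Flathub and GNOME Software summaries are computed from the static `finish-args`, so removing the static entries is what moves the rating.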

@pojntfx pojntfx self-assigned this Feb 20, 2024
@pojntfx pojntfx added the enhancement New feature or request label Feb 20, 2024
pojntfx (Owner) commented Feb 20, 2024

Thanks a lot for the suggestions! I'll def. get to working on these once I've published updated versions of the underlying weron and panrpc libraries, as well as the GNOME Builder MR that adds Go support.

Regarding the individual permissions:

  • "Network access: no choice for now until we get a network portal" - yup, and since this has to do NAT hole punching to signal, once there is such a portal maybe there would also have to be a "requesting access to the local network" type of permission, in addition to being able to reach out to the signaling server URL
  • "Arbitrary permission: whatever you spawn, do it in the sandbox" - this should be fixable by embedding MPV inside of the GTK views instead of doing what I'm doing rn (spawning MPV using the MPV Flatpak). Delfin does this in Rust + GTK4, so I'm sure it's going to be possible here as well, although I'm not quite sure how embedding works with the Go GTK bindings!
  • "Download Folder read/write access: instead ask users where they want to save files (one time is fine, document portal entries are permanent)" - sweet, didn't know that this was a thing! That folder is already configurable, and we only need read/write access to one specific directory, so should be an easy enough improvement
  • "System folder /tmp: there is a $TMPDIR in the sandbox" - that relates to the MPV embedding issue, if we use $TMPDIR with the current solution there is no way of the MPV Flatpak accessing the same directory I'm afraid, but once we can embed Delfin-style that won't be a problem
  • "Video folder: same - use document portal" - same as the downloads folder, should be user-configurable anyways

@pojntfx pojntfx changed the title Muliplex permissions are scary :) Reduce Multiplex permissions Feb 20, 2024