Sandbox is too restrictive #14
Then from there you can do |
Sorry for being slow at responding, but anyway... My impression is that it is pretty difficult to provide your usual host tools, most of them in /usr/bin, as-is inside the sandbox because /usr is where your runtime is. Even if you'd bind all of them into the sandbox, my guess would be that not all of them would be OK with replacing libraries of the host system with libraries of the runtime. Given how completely emacs can be customized by the user, it seems possible that its functions for executing programs could be adjusted to go through flatpak-spawn by default. I have not tried it, though. Also I am having trouble getting that advice from @TingPing to work, but still looking at why that is. |
From an emacs shell, this is what I get when calling |
Either:
|
flatpak was outdated, updated it using the PPA, however the issue persists:
And yes, this is launching with:
|
My mistake: |
Ah okay, yeah this works. Was hoping to be able to get flyspell to work with this, but no luck there :\ |
A major problem with this issue is that for In any case, I managed to get other packages like

```elisp
;; Only rewrite the commands when running inside the Flatpak sandbox.
(if (getenv "FLATPAK_ID")
    (with-eval-after-load 'org
      ;; Prefix each LaTeX command so that it runs on the host.
      (setq org-latex-pdf-process
            (mapcar (lambda (x)
                      (concat "flatpak-spawn --host " x))
                    org-latex-pdf-process))))
```

This code coexists pretty well with my other, non-virtualised and non-sandboxed instance of Emacs so far. I'm poking at how |
@muep would you accept adding |
@philn looks good to me. Now that I try the instructions for flatpak-spawn from a long time ago, I see that it works. Usually Fedora has a reasonably up-to-date flatpak, but I suppose that the functionality was still missing. |
In current Fedora Silverblue it works :) Dunno about vanilla Fedora though. |
👍 on the idea of patching Emacs to call |
Just wanted to add that changing from (I was facing |
OK, but that doesn't fix the sandbox issue when trying to call some repo apps, etc. I can't run anything in the emacs terminals (any terminals!) nor with dmenu. How to fix this annoying flatpak sandbox behaviour? At this point, the flatpak sandbox just breaks emacs :( I mean, what's the point of a flatpak emacs then? |
- NOTE: this is a workaround provided [here](https://emacs.stackexchange.com/questions/47768/error-enabling-flyspell-mode-in-emacs) for a bug documented [here](flathub/org.gnu.emacs#14) for which we would generally prefer a more robust solution
@danrobi11 I think you're going to end up having to start the emacs terminal itself with |
I'm on Fedora 36 Silverblue, and have installed the latest Emacs from Flathub. I had to manually override the
Is this step really necessary? Can't it be included in the recipe? |
Thanks @joehakimrahme , I think it should be reasonable to include it. I will look at it as soon as convenient. |
It appears this could also be solved if

```
sh-5.1$ ls -al /usr/share/aspell
ls: cannot access '/usr/share/aspell': No such file or directory
sh-5.1$ flatpak-spawn --host ls /usr/share/aspell
aspell.compat
…
sh-5.1$ aspell dicts
[no output]
sh-5.1$ flatpak-spawn --host aspell dicts
en
…
```

As a work-around, if you have ( |
This addresses flathub#14 by making the org.freedesktop.Flatpak name available to Emacs. This weakens the sandbox by making the flatpak-spawn --host command work from within Emacs. This is expected to not be harmful, because Emacs would typically have full access to practically all the files of the user in any case.
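The commit message above weighs the `org.freedesktop.Flatpak` talk permission against the file access the app already has. The following added example (not code from this thread or from the project) audits a permission listing for both. It assumes the keyfile format printed by `flatpak info --show-permissions <app-id>`; the sample text and the names `parse_permissions` and `audit` are constructed for illustration.

```python
import configparser

# Constructed sample in flatpak's keyfile permission format;
# it is not copied from the real org.gnu.emacs manifest.
SAMPLE_METADATA = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
filesystems=host;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.secrets=talk
"""

HOST_SPAWN_NAME = "org.freedesktop.Flatpak"  # name used by flatpak-spawn --host
BROAD_FILESYSTEMS = {"host", "home"}


def parse_permissions(text):
    """Parse permission keyfile text into {section: {key: value}}."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # D-Bus names are case-sensitive
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}


def audit(text):
    """Report the host-spawn grant and any broad filesystem grants."""
    perms = parse_permissions(text)
    policy = perms.get("Session Bus Policy", {}).get(HOST_SPAWN_NAME, "none")
    entries = perms.get("Context", {}).get("filesystems", "").split(";")
    granted = set()
    for entry in entries:
        # Skip empty fields and negated entries such as "!home".
        if entry and not entry.startswith("!"):
            granted.add(entry.split(":")[0])  # drop suffixes such as ":ro"
    return {
        "policy": policy,
        # "talk" or "own" lets the app call the Flatpak session service.
        "host_spawn": policy in ("talk", "own"),
        "broad_filesystems": sorted(granted & BROAD_FILESYSTEMS),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_METADATA))
```

Per-user overrides use the same keyfile format, so the same function can be pointed at an override file's contents.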
Sorry for taking my sweet time, I have had limited time for improvements in recent weeks. @joehakimrahme @posita , #50 has the change for enabling the use of While I guess someone will want to use |
Thanks for the change. I'm still a bit new to flatpak. I have previously overridden talk-name manually, do you think it will affect me (and others) updating to the new build? |
#50 was merged and got at least the |
@tariqk not sure if this is still interesting to you but it might be interesting to others so I will leave this comment here. There is a texlive sdk extension. One can then add that texlive sdk extension as an environment variable. For installing the sdk one can follow the instructions at https://flathub.org/apps/org.freedesktop.Sdk.Extension.texlive

The version of texlive should be the same as the version of freedesktop in the manifest according to this comment. Then one can maybe add that extension as an environment variable either each time the flatpak is run as shown here (I did not try that and have no or little experience with that syntax) https://www.reddit.com/r/emacs/comments/1bhmvie/comment/kvhmyjz/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button or as mentioned in that link adding the environment variable (more specifically, adding it as a configuration). One can add the environment variable with flatseal or using the command below:

MAYBE IMPORTANT NOTE: In the command below I used --user but depending on how you installed emacs, you might not have to use that, I am not sure.

You might also need to change the PATH emacs uses [EDIT: at least that was needed for turning equations to images in .tex files]. I saw somewhere that the PATH that emacs uses in the GUI is not necessarily the PATH that is used in the shell that ran it. You might have to add the following configuration to emacs:

```elisp
(setenv "PATH" (concat (getenv "PATH") ":/usr/lib/sdk/texlive/bin/x86_64-linux:/usr/lib/sdk/texlive/bin/"))
```

The first time I modified the PATH in an emacs configuration file I was able to get image previews of latex equations but the second time after I tried removing stuff that I thought might not be needed, I got an error that still appeared after I tried to manually revert back to the configuration I had. The error was something like or exactly the text below:

I was able to fix that error by following the answer here but I modified the path and the command I used was `(setq preview-gs-command "/usr/lib/sdk/texlive/bin/gs")` [EDIT: If you are using org-mode to view latex files it seems that it is necessary to modify `(add-to-list 'exec-path "/usr/lib/sdk/texlive/bin/x86_64-linux")` ] |
When using modes like merlin for ocaml, emacs has to be able to launch some external binaries. Same with the rust language server. And basically any feature that relies on executables outside of the sandbox.
Many plugins depend on the environment too. Having to use `--env` for every variable is a big problem.

Would it be possible to allow emacs from flatpak to start basically any process?