Filesystem access scope #153
Comments
* Change the "--filesystem" flag from "home" to "xdg-download". That means Signal can only access the XDG Download folder of the user instead of full access to home folder. * Resolve flathub#153.
* Improve sandbox security by change the "--filesystem" flag from "home" to "xdg-download". This means Signal can only access the XDG Download folder of the user instead of full access to home folder. * Resolve flathub#153.
|
The application needs access to home, so that sharing files with your contacts will stay possible. |
|
There seems to be a possibility to circumvent the restrictions. |
|
Strange. I am a GNOME user and I don't experience this issue. Could this be a DE specific bug? |
|
The file sharing screen for the latest version of Flatpak-installed Signal. The Chinese folder names read:
Environment:
|
|
As described here: I am unable to reproduce the issue in a virtual machine and a flesh-installed Kubuntu / KDE Neon. Both setups work perfectly normal to me. Would require more information from @Maltimore. |
|
I only see the folders "Download" and "Desktop" because I deleted the others a long time ago, never thought they would be of any use until now. Makes me wonder if @Maltimore could have deleted/renamed all of them so they don't show up. In general I think this would be a perfect use case for the FileChooser portal. (General description of portals.) (Supporting drag and drop would be a dream! More info on that possibility: flatpak/xdg-desktop-portal#99) |
Is there any reason why this application needs a full "home" filesystem access? If the file system access is only for downloading files, the access scope can well just be "xdg-download" (the download folder) instead of "home", right?
The Element / Riot.im flatpak package is setup this way.
The text was updated successfully, but these errors were encountered: