Open czhang03 opened 8 months ago
@charlag could you provide some details as to why we need access to the whole home directory? What is the actual use case that cannot be done without all these permissions? Perhaps reducing them more than they are now? I can provide a PR, but I'd like to know why some things have to be kept.
@pm4rcin I am not sure anymore. I can find this commit:
https://github.com/flathub/com.tutanota.Tutanota/commit/bbb84c69ece1743158b86b3cec160e989d149ff0
which claims to fix second instance detection but that is in a well-known location.
It might be related to picking download destination or something else, one would have to do some testing.
I will be honest: for me personally this is not on top of my priority list; I would rather make everything work in Flatpak and then lock it down. Both might require some changes in the app itself.
> It might be related to picking download destination or something else, one would have to do some testing.
I have revoked all filesystem permissions and was able to easily pick any file because electron uses portals for this. My testing procedure:
@charlag one more question: do you remember why `xdg-run/keyring` access is needed? Isn't it only required to have bus access for it to work? Or was there some edge case?
@pm4rcin sorry, I have a memory of answering you but actually I didn't.
It's for libsecret. It might not be needed anymore, but we also have a patched libsecret which switches back from the forced file backend to the D-Bus backend. I have already heard from Flatpak devs that such access to the keyring is unsafe, so I don't know how long we can get away with doing that.
I think you could try removing it and seeing if it works.
I realize that tuta has `host:ro`, and am wondering why it is necessary. I think if this is needed to access some system files, `host-os:ro` should be more modular. See: https://man7.org/linux/man-pages/man5/flatpak-metadata.5.html