flathub / org.blender.Blender

https://flathub.org/apps/details/org.blender.Blender

Expose host filesystem to sandbox #2

Closed nachokb closed 7 years ago

nachokb commented 7 years ago

Reading and writing files on a USB drive is important for people using this app. I find the current flatpak gives me no way to access them.

This is my attempt to solve this. Please close if there's a better way to do this.

TingPing commented 7 years ago

It probably makes sense to just go full --filesystem=host at that point to avoid edge cases.

bochecha commented 7 years ago

> It probably makes sense to just go full --filesystem=host at that point to avoid edge cases.

Yeah... But then do we really want this? :-/

I guess it's not much worse than giving access to the whole $HOME anyway...

TingPing commented 7 years ago

The difference between home and host is minimal, assuming sane permissions on the host.

bochecha commented 7 years ago

> The difference between home and host is minimal, assuming sane permissions on the host.

Yeah, that's kind of what I was going with.

@nachokb Can you update your pull request then?

nachokb commented 7 years ago

Ok I can do that; still feel there should be a better way though… (one minute please)

Actually, the reason I created this PR is to spark that discussion. How would we handle it, ideally? I can't think of ways that would avoid requiring modifications to the apps themselves. How does this fit into Flatpak's design?

TingPing commented 7 years ago

Ideally the application uses the FileChooser portal: http://flatpak.org/xdg-desktop-portal/portal-docs.html#gdbus-org.freedesktop.portal.FileChooser

nachokb commented 7 years ago

> Ideally the application uses the FileChooser portal

Thank you! I've been trying to look into the documentation for exactly this kind of thing with no luck.

nachokb commented 7 years ago

@bochecha done :+1:

bochecha commented 7 years ago

> Actually, the reason I created this PR is to spark that discussion. How would we handle it, ideally?

As @TingPing said, this does require some form of cooperation from the app.

The mechanisms to poke holes in the sandbox that Flatpak provides are meant for a transition period while apps slowly adapt to being sandboxed. (or in the long term, for old apps which don't/can't adapt)

It's definitely a good discussion to have, but it probably should happen upstream. 🙂

In the case of Blender, things are more complicated than they could be because it doesn't use one of the big UI toolkits: Gtk3 and Qt5 implement portals in a completely transparent way. That is, a typical Gtk3 app using the normal GtkFileChooser passes through the portal without even knowing it, without any change required to the app.

nachokb commented 7 years ago

> it probably should happen upstream

totally

> Blender [is] more complicated […] because it doesn't use one of the big UI toolkits

Good to know Gtk and Qt implement this already.
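The thread above weighs `--filesystem=host` against home-only access and the FileChooser portal. As an added example (not code from this pull request or from Flatpak), the following audits the `filesystems=` key of an app's metadata keyfile, as printed by `flatpak info --show-metadata`, and separates whole-tree grants from scoped ones; the sample metadata and the verdict labels are constructed for illustration.

```python
import configparser

# Constructed sample of a Flatpak "metadata" keyfile (not the Blender package's).
SAMPLE_METADATA = """\
[Application]
name=org.example.App

[Context]
shared=network;ipc;
sockets=x11;pulseaudio;
filesystems=host;xdg-download:ro;/run/media;!~/.ssh;
"""

BROAD = {"host", "host-os", "host-etc", "home"}  # whole-tree grants
MODES = {"ro", "rw", "create"}                   # optional ":mode" suffixes


def classify_filesystems(metadata_text):
    """Return (entry, verdict) pairs for the [Context] filesystems= key."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keyfile keys are case-sensitive
    parser.read_string(metadata_text)
    raw = parser.get("Context", "filesystems", fallback="")
    findings = []
    for entry in (e.strip() for e in raw.split(";")):
        if not entry:
            continue
        if entry.startswith("!"):
            # A leading "!" removes a grant rather than adding one.
            findings.append((entry, "revoked"))
            continue
        location, sep, mode = entry.rpartition(":")
        if not sep or mode not in MODES:
            location, mode = entry, "rw"  # no suffix means read-write
        if location in BROAD:
            verdict = "broad-ro" if mode == "ro" else "broad-rw"
        else:
            verdict = "scoped"
        findings.append((entry, verdict))
    return findings


if __name__ == "__main__":
    for entry, verdict in classify_filesystems(SAMPLE_METADATA):
        print(f"{verdict:9} {entry}")
```

An app that relies only on the FileChooser portal needs no `filesystems=` entries, so an empty result is the outcome the thread describes as ideal.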