flatpak / flatpak

Linux application sandboxing and distribution framework
https://flatpak.org
GNU Lesser General Public License v2.1

[Feature request]: Allow runtimes setting permissions #4633

Open Bleuzen opened 2 years ago

Bleuzen commented 2 years ago

Checklist

Suggestion

Currently there are many apps requiring the exact same permissions. For example:

To make theming work in case of custom CSS of GTK themes (prominent example: KDE Plasma's default dark theme, Breeze Dark), all GTK applications need read access to some files in .config/gtk-3.0. The current solution would be to add

--filesystem=xdg-config/gtk-3.0/settings.ini:ro
--filesystem=xdg-config/gtk-3.0/gtk.css:ro
--filesystem=xdg-config/gtk-3.0/colors.css:ro
--filesystem=xdg-config/gtk-3.0/assets:ro

to any GTK app. This could be simplified by the feature requested here. If we could add this as a default permission for the freedesktop (or gtk/gnome) runtimes, this filesystem permission would not have to be added hundreds of times in all GTK apps, and theming would work out of the box.

TomaszGasior commented 2 years ago

This can be done downstream by a distribution which wants to support that KDE Plasma feature. Just provide /var/lib/flatpak/overrides/global with this content:

[Context]
filesystems=xdg-config/gtk-3.0;xdg-config/gtk-4.0;

Bleuzen commented 2 years ago

This can be done downstream by a distribution which wants to support that KDE Plasma feature. Just provide /var/lib/flatpak/overrides/global

This is a known workaround and has been for some time now. But please be realistic: downstream distros won't fix it. This issue has existed for long enough and no distribution ships with this workaround. Most don't even know about it, because it is impossible for every distro developer to test everything. So we have these options:

A) Fix it in a hundred places and ask all distro developers to ship this workaround with their package/distro. Many will forget or won't care. What if something changes about this? We would have to ask many people again to fix it another time in hundreds of places.

B) Fix it in only one place (flatpak/runtimes). Makes it work for everyone ootb. Users happy, distro maintainers happy.

I think B makes much more sense.

TomaszGasior commented 2 years ago

No, with solution B you are creating a security hole. Just for customization. Customization is not a core feature of the OS. If you are able to create gtk.css or install addons which manage the gtk.css customization file, you are also able (or those tools are) to add the needed global override to flatpak.

Bleuzen commented 2 years ago

No, with solution B you are creating a security hole

Checked that directory and can only find the ini and css files and SVGs. Can't imagine what evil apps could do with read-only css/svg files. In which case is there sensitive data in .config/gtk-3.0/?

TomaszGasior commented 2 years ago

Yes, servers and bookmarks for example.

Bleuzen commented 2 years ago

Yes, servers and bookmarks for example.

Hm, we could allow only the files needed:

--filesystem=xdg-config/gtk-3.0/settings.ini:ro
--filesystem=xdg-config/gtk-3.0/gtk.css:ro
--filesystem=xdg-config/gtk-3.0/colors.css:ro
--filesystem=xdg-config/gtk-3.0/assets:ro

Edit: Also edited the main post to suggest only these files for theming.
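
The difference between the two proposals above (the whole xdg-config/gtk-3.0 directory versus the four theming files, read-only) is a least-privilege question that is easy to check mechanically. The following is an added example, not flatpak's own code: it parses the `[Context]` / `filesystems=` key in flatpak's keyfile format (the same format as /var/lib/flatpak/overrides/global) and reports which grants expose the `bookmarks` and `servers` files mentioned in the thread, which grants are writable, and which go beyond the four theming paths. The two override texts, the allowlist and the "sensitive" set are constructed for the example from the paths named in this issue.

```python
"""Audit a flatpak override/metadata fragment for over-broad filesystem grants.

Added example, not flatpak's own code. Input follows flatpak's keyfile
metadata: a [Context] group with a semicolon-separated ``filesystems=`` list,
each entry optionally suffixed ``:ro``, ``:rw`` or ``:create`` and optionally
prefixed ``!`` to negate a grant. Sample inputs below are constructed.
"""
import configparser
from pathlib import PurePosixPath

# Constructed sample 1: the broad global override suggested in the thread.
BROAD_OVERRIDE = """\
[Context]
filesystems=xdg-config/gtk-3.0;xdg-config/gtk-4.0;
"""

# Constructed sample 2: the narrowed, read-only per-file grants.
NARROW_OVERRIDE = """\
[Context]
filesystems=xdg-config/gtk-3.0/settings.ini:ro;xdg-config/gtk-3.0/gtk.css:ro;\
xdg-config/gtk-3.0/colors.css:ro;xdg-config/gtk-3.0/assets:ro;
"""

# Paths a theming-only grant legitimately needs (the thread's proposal).
THEMING_ALLOWLIST = {
    "xdg-config/gtk-3.0/settings.ini",
    "xdg-config/gtk-3.0/gtk.css",
    "xdg-config/gtk-3.0/colors.css",
    "xdg-config/gtk-3.0/assets",
}

# Files in the same directory that hold user data and are not needed for
# theming (GTK file-chooser bookmarks and saved server locations).
SENSITIVE = {
    "xdg-config/gtk-3.0/bookmarks",
    "xdg-config/gtk-3.0/servers",
}


def parse_filesystems(keyfile_text):
    """Return [(path, mode, negated)] from the [Context] filesystems= key."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case exactly as in the file
    parser.read_string(keyfile_text)
    raw = parser.get("Context", "filesystems", fallback="")
    entries = []
    for item in raw.split(";"):
        item = item.strip()
        if not item:
            continue
        negated = item.startswith("!")
        item = item.lstrip("!")
        path, sep, mode = item.rpartition(":")
        if sep and mode in ("ro", "rw", "create"):
            entries.append((path, mode, negated))
        else:
            # No recognised suffix: flatpak treats the grant as read-write.
            entries.append((item, "rw", negated))
    return entries


def covers(grant, target):
    """True if granting `grant` also exposes `target` (same path or an ancestor)."""
    g, t = PurePosixPath(grant), PurePosixPath(target)
    return g == t or g in t.parents


def audit(keyfile_text):
    """Classify the grants in a keyfile fragment against the theming allowlist."""
    grants = [e for e in parse_filesystems(keyfile_text) if not e[2]]
    exposed = sorted({s for s in SENSITIVE for p, _, _ in grants if covers(p, s)})
    writable = sorted(p for p, mode, _ in grants if mode != "ro")
    beyond_allowlist = sorted(
        p for p, _, _ in grants if not any(covers(a, p) for a in THEMING_ALLOWLIST)
    )
    return {
        "exposed": exposed,
        "writable": writable,
        "beyond_allowlist": beyond_allowlist,
        "least_privilege": not (exposed or writable or beyond_allowlist),
    }


if __name__ == "__main__":
    for name, text in (("broad", BROAD_OVERRIDE), ("narrow", NARROW_OVERRIDE)):
        print(name, audit(text))
```

Run against the broad override, the audit lists `bookmarks` and `servers` as exposed and both directory grants as writable; against the four read-only file grants it reports nothing and marks the fragment as least-privilege. The same parser works on an app's own `metadata` file, since flatpak uses the same `[Context]` group there.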

Erick555 commented 2 years ago

The KDE runtime is able to set permissions inherited by all apps which use it. Flatpak could mount those paths by default if the developers wanted to, but I'm afraid they don't.

Bleuzen commented 2 years ago

The KDE runtime is able to set permissions inherited by all apps which use it.

Thanks for pointing that out.

Flatpak could mount those paths by default if the developers wanted to, but I'm afraid they don't.

If it doesn't have any downsides but makes people happy, I can't see why they wouldn't want it. We'll see; I suggested it here: https://gitlab.com/freedesktop-sdk/freedesktop-sdk/-/issues/1362