Sandbox this harder (instead of filesystem=host permissions by default)? #76
Comments
That's for the "recent files view" that you get when running "evince" to still work correctly.
Because there can be videos in PDFs. That's implemented in |
|
FWIW, the flatpak version of Evince does not ship the backends for DVI (tetex-live) nor PS (ghostshipt). |
|
Quoting what I wrote in #61 (comment)
|
|
Neighbor files will work in most cases, but not all. This will not work if you have a summary pdf and then folders where other pdf files are located if you first open a pdf located in one of those folders. If you do this, the opened pdf file will not be able to access the summary because it will not be in the same directory. Example:
Directly open issue1-summary.pdf in Issue1Folder. Grant access to neighboring files in this folder. If issue1-summary has an entry to access GeneralSummary.pdf, it won't work. There is another question: If I open GeneralSummary, then open issue-1-summary from it, then close GeneralSummary, will access to GeneralSummary still be available or will it be forgotten? However, I don't think this is a common case. |
I've never ever seen a PDF that linked to other PDFs on the local filesystem. I've seen it on the web... |
https://gitlab.gnome.org/GNOME/evince/-/issues/48. It was on DVD, but the author of the issue said it took up hard drive space. This was an old issue, but in the comments someone else used a manual and he used Fedora 35. As for the DVD, you can copy the files to the hard drive for storage. Audio files can also be in a folder (see https://gitlab.gnome.org/GNOME/evince/-/issues/1584). Do the folders fit into the neighboring files case? |
Why though? I just tested removing |
In my memory, the recent files view showed all the PDFs, not just the ones opened by Evince. That might not be accurate (anymore?). |
The recent view only shows files recently opened by Evince (I tested removing the |
This should not be needed, since Evince uses the file chooser to open files and the recent files view works since access to the files opened with the file chooser portal is persistent. flathub/org.gnome.Evince#76
Looks like Evince ignores recent items from other applications, since at least 2014: https://gitlab.gnome.org/GNOME/evince/-/blob/b4bdbc420c8d7bec29a710a43deb8e8368275b8d/shell/ev-recent-view.c#L717 Here's an MR to remove the |
I don't understand what you mean, could you try rephrasing? |
|
There is discussion about limiting access to specific file types (e.g. images, videos) and file extensions that are in a given folder (for example, automatically open a subtitle file when a video file is opened; see flatpak/xdg-desktop-portal#463). What I said is that this access limitation could also be applied in general, i.e. when the application has access to all folders. |
|
If the neighboring files functionality is designed to be simple (i.e. without giving the reason for accessing these files), I think it doesn't make sense to have a dialog asking for it when, for example, a PDF file is opened... The question is whether users will click "Allow" if they don't know why Evince wants to access neighboring files when opening their PDF file (is it obvious when a user has a catalog of PDFs or has downloaded a PDF with additional resources?). |
|
Given what I've read and commented on in another issue of Evince, I think neighboring files should (also) be available as a filesystem restriction to have regular filesystem names − and not the sandboxed ones, needed for "Open Containing Folder". |
I can't parse this, sorry. |
|
If If So if the neighboring files feature creates a sandbox for the files, Evince will have a sandbox path for them. And I think we want the normal path when we click "Open Containing Folder". |
|
I honestly don't know what you want me to do with this information. Is it a bug report, or ideas for a design for a portal feature that doesn't yet exist? |
|
Sounds to me like a comment that should be added to flatpak/xdg-desktop-portal#463 so it can then either be taken into account in the design of that portal, or moved to a separate issue on the xdg-desktop-portal repo for later follow-up. |
|
It's just that if the neighboring files portal creates a sandbox, and if Evince uses it, "Open Containing Folder" will open a sandboxed folder instead of showing the correct location. This was mentioned on the neighboring files issue when we thought it would be nice to have it as an improvement over "filesystem=host". But it probably wasn't clear. It's hard to say something when we don't know how this portal will be developed... |
|
Given that this is the case when Evince does not use |
I just remembered that the |
|
Stumbled upon the same and first wrongly attributed it to an update in GNOME Software showing an "added" file system permission. |
|
#88 fixed the issue. |
It was brought to my attention that poppler and ghostscript can be security concerns, and that Evince should therefore be run under sandboxes.
Looking at it with flatseal, I see that:
filesystem=hostpermissions by default. Shouldn't it be restricted to access onlyxdg-downloadandxdg-documentsby default, or at bestfilesystem=home?The text was updated successfully, but these errors were encountered: