Auto-connect steam:dot-local-share-applications and steam:dot-local-share-icons

Requesting auto-connection for dot-local-share-applications and dot-local-share-icons (both with interface personal-files) for Steam.

In the Steam snap we need to create icons and desktop files in the user’s $HOME/.local/share directory. PR with the plugs added: https://github.com/canonical/steam-snap/pull/318, and the issue it resolves: https://github.com/canonical/steam-snap/issues/7.

The personal-files interface is defined as:

  dot-local-share-applications:
    interface: personal-files
    write:
      - $HOME/.local/share/applications
  dot-local-share-icons:
    interface: personal-files
    write:
      - $HOME/.local/share/icons

Although Snap doesn’t own the mentioned directories, and these directories can be used by other applications as well, given the requirements, these interfaces are required for Snap to function normally.

+1 from me to auto-connect to dot-local-share-applications and dot-local-share-icons personal interfaces

I think we need to be cognizant of another recent thread when considering this request: Chromium progressive web apps. Allowing for the creation of desktop launchers does allow for sandbox escapes. On the surface, there are many parallels between these cases (it was granted for Chromium).

Looking at the .desktop files that are generated, it appears as though we see:

Exec=steam steam://rungameid/<game id>

which suggests to me that games are re-executed under the confinement provided by the steam snap, although a process listing reveals the situation is more complex than that (and I have not dug into it).

Given the use case, the publisher and the profile of Steam, I am supportive, but in the name of completeness are you just able to briefly explain the (sandboxed or not) environment that steam apps run in?

Steam itself and each game runs in its own container, designed by Valve. The situation is a bit complicated, but there’s a decently detailed synopsis of it here and here if you’re curious.

And to elaborate there, they all still run within snap confinement of steam. But steam itself uses pressure vessel to run each game.

Thanks for the info. It seems to me then we’re not breaking the confinement model by allowing this, and we trust (to the extent possible) Steam to not start writing rogue desktop files, so as per the Chromium PWA case it gets a +1 from me.
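An added example, not part of the thread or of the Steam snap: one way to audit the launchers this grant permits, by checking that every `Exec=` key in a `.desktop` file has the `steam steam://rungameid/<game id>` form quoted above. It assumes that form is the only one Steam should write and that the files passed in are ones the snap created; the function names and sample files are hypothetical.

```python
import re
from pathlib import Path

# Assumption: the launcher form quoted in the thread is the only expected one.
EXPECTED_EXEC = re.compile(r"steam steam://rungameid/\d+")

# Constructed sample files, for illustration only.
GOOD = "[Desktop Entry]\nType=Application\nName=Game\nExec=steam steam://rungameid/123456\n"
BAD = (
    "[Desktop Entry]\nType=Application\nName=Game\n"
    "Exec=steam steam://rungameid/123456\n"
    "Actions=extra;\n\n"
    "[Desktop Action extra]\nName=Extra\nExec=sh -c 'echo constructed'\n"
)

def exec_lines(text):
    """Return (group, command) for every Exec key, including Desktop Actions."""
    group, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "Exec":  # TryExec and other keys are ignored
                found.append((group, value.strip()))
    return found

def audit(text):
    """Return the Exec entries that deviate from the expected launcher form."""
    return [(g, cmd) for g, cmd in exec_lines(text) if not EXPECTED_EXEC.fullmatch(cmd)]

def audit_dir(directory):
    """Map each .desktop file name in directory to its deviating Exec entries."""
    report = {}
    for path in sorted(Path(directory).glob("*.desktop")):
        bad = audit(path.read_text(encoding="utf-8", errors="replace"))
        if bad:
            report[path.name] = bad
    return report

if __name__ == "__main__":
    target = Path.home() / ".local/share/applications"
    for name, bad in audit_dir(target).items():
        print(name, bad)
```

Run against the whole of `$HOME/.local/share/applications`, it also lists launchers belonging to other applications, so restrict the input to files attributed to the snap.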

I agree - this fits the same model as the Chromium PWA use-case and the publisher is trusted already so +1 from me too.

+3 votes for, 0 against. We will grant this request as soon as the linked PR is merged and a revision exists for us to apply the declarations to.

@dclane the PR has been merged, thanks

These changes are done.
