[cancelled] Classic confinement request for FBReader


We want to release new (not open-source) version of FBReader (https://fbreader.org/) for Linux. Expecting to release beta version next week, and a version available to end-users by Christmas.

The app written using Qt6 library, and writes its internal files to standard locations:

  • $HOME/.local/share/FBReader.ORG Limited/FBReader for application data (an sqlite database),
  • $HOME/.config/FBReader.ORG Limited/FBReader for config files
  • $HOME/.cache/FBReader.ORG Limites/FBReader for caches

As far as I understand, there is no way to allow access to the folders listed above in strict confinement.

We know there is an option to save local data and configs in snap-specific folders, however this makes FBReader from snap incompatible with other binary distributions of the same app.

On the other hand, FBReader is 15+ years on the market, so we expect that users trust us, and classic confinement will not be a significant reason to not install the snap.

So, we request classic confinement for our app.

Best Regards,

– Nikolay Pultsin, on behalf of FBReader.ORG Limited

Take a look at the personal files interface, it’d allow you to access the folders listed above in strict confinement. While I’m not on the reviewer team, they’d likely ask you to explore it too before considering granting classic privileges.

Classic isn’t just the removal of the sandboxing, classic snaps run in the host mount namespace, meaning they can easily accidentally mix libraries with the host environment causing incompatibilities and crashes, making classic snaps harder to maintain too. Trying to remain strict is likely in your best interests :slight_smile:

Thanks. If it is possible to allow access to the folders, that would be definitely the best solution.

Hmm, I was sure we tried personal-files interface and it does not work with dotted folders. However, your link shows “.dir” in examples. Very interesting, we’ll check again and I’ll be back.

That sounds like either the interface was defined but not manually connected (you can apply to have it automatically connected for users similar to how you’re applying to classic here), or the application code was looking for $HOME and the value of $HOME in strict snaps by default is their own private folders in ~/snap/example/current. You might have to adjust the application to look in the users real home. In recent versions of snapd (2.46+) that’s available with $SNAP_REAL_HOME. If you wish to support versions older than that, you could do something similar to this in Bash.

REALHOME=`getent passwd $UID | cut -d ':' -f 6`

Great! It seems like you are absolutely right. Manual connection makes the trick.

So, this request is cancelled. We’ll test the app in manual mode and probably I’ll be back with the auto-connection request soon.

Thank you for the prompt help!

1 Like