Classic confinement for Organize My Files

Qiplex · March 9, 2018, 10:44am

Hello guys,

Would you please grant classic confinement for organize-my-files snap?

App webpage: https://qiplex.com/software/organize-my-files/

After sharing the app by official Ubuntu social accounts (Twitter / Facebook / Google+), some users reported issue with the UI

The app for proper functioning walking the filesystem and strict confinement breaks UI once user downloaded and installed the snap.

Broken UI that user is seeing after installation:

Working UI should look like:

Many thanks!

-Qiplex

Qiplex · March 17, 2018, 9:06am

/cc @evan @Wimpress

Can you guys have a look on it?

evan · March 20, 2018, 11:02am

Hi @Qiplex. Do correct me if I’m wrong, but it looks like Organize My Files is intended for files and directories inside the home directory. If that’s the case, it should not need classic confinement.

I can confirm that no directories are shown in both Ubuntu 16.04.4 and Solus. I’m not seeing any denials with snappy-debug.security scanlog organize-my-files and installing via snap install --devmode organize-my-files produces the same behaviour. This suggests the problem is not confinement.

How are you obtaining that default set of folders under the “Default Folder” and “Folders” headings?

Qiplex · March 21, 2018, 8:59am

Hi @evan

When program starts it loads user Desktop directory by default. This is the folder under “Default Folder”

To get current user Desktop directory we are using Electron’s app.getPath(desktop)

https://electronjs.org/docs/api/app#appgetpathname

The Desktop folder is not loaded correctly, which leads to broken UI. For me the problem looked like container isolation issue. That’s why I thought that classic confinement needed to overcome this.

Under “Folders” section the user adding folders manually via clicking on add-folder icon on top-left corner. Electron’s dialog.showOpenDialog used there.

https://electronjs.org/docs/api/dialog#methods

Since dialog.showOpenDialog works correctly, but app.getPath(desktop) doesn’t its quite likely to be an Electron issue. I will do additional testing and update the issue with outcome.

Qiplex · March 22, 2018, 12:24pm

Hello @evan,

I did additional debugging and can confirm that classic confinement wasn’t an issue here.

While debugging I got the following error

The issue turned to be in $HOME variable rewritten by snap for security and isolation purposes:

HOME This environment variable is re-written by snapd so that each snap appears to have a dedicated home directory that is a subdirectory of the real home directory.

Typical value: /home/zyga/snap/hello-world/27

https://docs.snapcraft.io/reference/env

So simple hotfix did a trick:

const desktop = app.getPath('desktop')
const downloads = app.getPath('downloads')

let defaultdir = desktop

// snap isolation fix for '/home/User/snap/x1/app-name/Desktop'
if (process.platform == 'linux' && defaultdir.includes('/snap/'))
    defaultdir = defaultdir.replace(/snap.*/, '') + path.basename(defaultdir)

Thanks for your time and I am really sorry for false positive.

jdstrand · March 22, 2018, 3:49pm

Thanks for getting back to us. Since you prefer not to use $HOME, you might consider instead of fixing up the value that is in $HOME, simply using defaultdir = pwd.getpwuid(<uid of the calling user>)[5]