Classic confinement request: System G

System G is a graphical file manager, so it needs access to the file system and the ability to run arbitrary commands on files.

LIcense: GPL v3 Source code: https://github.com/jafl/system-g

Please let me know if you need more information. Thanks!

Has anybody had a chance to consider this request? I tested with strict confinement, and it does not work.

Can you please provide more details on what fails when using strict confinement? As per the Process for reviewing classic confinement snaps a file-manager does not fit within one of the supported categories for classic confinement so it would be best to try and get system-g working with strict confinement. Please provide more details and we should hopefully be able to get it working under strict confinement (even if perhaps some use-cases are not able to be supported).

Thanks for the response!

Two major features are opening files in a directory and opening a terminal in a directory. Opening files requires running whatever program is configured for that file type, e.g., eog for images.

When I tried this under strict confinement with the home plug, it couldn’t even find gnome-terminal, presumably because it was blocked.

Is there a plug to allow running arbitrary programs?

To run the user’s configured application you can plug the desktop interface and then call xdg-open from within the snap.

Unfortunately however there is no way to run external applications like say gnome-terminal from the host machine due to the strict confinement sandbox. Whilst there is now the desktop-launch interface to launch other applications from a snap, it is designed for a fully snapped desktop environment (imagine gnome-shell as a snap) so I am not sure it is appropriate in this case.

However, I expect most users would expect a file manager to be able to access any file which they have access to on the host, and to run in the same mount namespace etc - similar to say an IDE or terminal emulator, both of which already have exceptions for classic confinement. As such, @pedronis or @niemeyer could you please weigh in to clarify whether perhaps we could create a new category for classic confinement for snaps that are traditional file managers? Thanks.

Any possibility of progress on this topic?

Hello @jafl,

Thank you for your patience with this. While @alexmurray is correct that most users would expect a file manager to have full system access, we have recently discussed this topic with the architects and arrived at the conclusion that there will not be a new category for this class of application, nor should we grant classic in this case to allow for the execution of arbitrary programs, given this violates the goals of snap confinement.