GtkRecentManager and recently used files in sandboxed applications

GTK has a GtkRecentManager API that allows applications to advertise recently used files (for unconfined applications the API writes to $HOME/.local/share/recently-used.xbel).

When running confined, the API writes to $HOME/snap/<snapName>/current/.local/share/recently-used.xbel instead.

Unconfined applications such as nautilus (or the shell) can display a list of recently used files, but they’re not aware of those opened by confined applications. That seems reasonable to me, as exposing which files were opened by a sandboxed application for the entire system (and every unsandboxed application out there) to see seems like an important information leak.

However, this can also be seen as a regression by end users who are expecting to see their recently used files show up there, when they start using the snap version of an application. This was recently reported as a bug against the libreoffice snap.

Not really sure what to do about that, or if we want to do something at all, but I thought I’d open a discussion here to get people’s input and opinions.

2 Likes

I personally think that exposing the recently opened files is reasonable.

1 Like

This is essentially covered by xdg-desktop-portal bug #215. I don’t think there has been any action taken on it yet though.

It definitely doesn’t look safe to give a confined application access to ~/.local/share/recently-used.xbel. The <bookmark:application> element includes a command line to open the file. That could potentially be used to escape the sandbox. So I don’t think there is any quick fix outside of improving xdg-desktop-portal.
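To make the concern about the `<bookmark:application>` element concrete, here is an added example (not part of the thread or of any project's code) that parses a `recently-used.xbel` document and reports every stored `exec` command line, flagging those whose program is not on an expected list. The function name `audit_recent_file`, the allowlist and the sample document are assumptions constructed for illustration.

```python
import shlex
import xml.etree.ElementTree as ET

# Namespace of the desktop-bookmarks metadata inside recently-used.xbel.
NS = {"bookmark": "http://www.freedesktop.org/standards/desktop-bookmarks"}

# Constructed sample input (not taken from a real system).
SAMPLE_XBEL = """<?xml version="1.0" encoding="UTF-8"?>
<xbel version="1.0"
      xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks">
  <bookmark href="file:///home/user/report.odt">
    <info><metadata owner="http://freedesktop.org">
      <bookmark:applications>
        <bookmark:application name="soffice" exec="&apos;soffice %u&apos;" count="3"/>
      </bookmark:applications>
    </metadata></info>
  </bookmark>
  <bookmark href="file:///home/user/notes.txt">
    <info><metadata owner="http://freedesktop.org">
      <bookmark:applications>
        <bookmark:application name="gedit" exec="&apos;example-unexpected-helper --arg %u&apos;" count="1"/>
      </bookmark:applications>
    </metadata></info>
  </bookmark>
</xbel>
"""

def audit_recent_file(xbel_text, allowed_programs):
    """Return (href, app_name, exec_command, ok) for each registered application."""
    root = ET.fromstring(xbel_text)
    findings = []
    for bm in root.iter("bookmark"):
        for app in bm.iterfind(".//bookmark:application", NS):
            raw = app.get("exec", "")
            # The stored command is wrapped in single quotes; strip them.
            cmd = raw.strip().strip("'")
            try:
                argv = shlex.split(cmd)
            except ValueError:
                argv = []  # unbalanced quoting: treat as not allowed
            ok = bool(argv) and argv[0] in allowed_programs
            findings.append((bm.get("href"), app.get("name"), cmd, ok))
    return findings

if __name__ == "__main__":
    for href, name, cmd, ok in audit_recent_file(SAMPLE_XBEL, {"soffice", "gedit"}):
        print("ok  " if ok else "FLAG", href, name, repr(cmd))
```

The second entry is flagged because the `exec` value is free-form text chosen by whoever wrote the file, independent of the `name` attribute beside it.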

Please reconsider this. Accessing files through the recently used list is an important feature for many users’ workflows, and not being able to see those is definitely a regression. Maybe there should be an option for the user to mark a given snap as trusted, which would remove such restrictions.

With the current state of affairs, a snap is just less useful than a traditional package. And as Ubuntu is moving more and more essential apps to snap, this would mean Ubuntu is getting less useful over time.