Initial epiphany snap: manual review

I have created a snap for epiphany (aka GNOME Web). It needs manual review because of dbus (because it uses GtkApplication) and the browser sandbox.

I understand the browser sandbox is a special interface not meant for widespread use. I think it’s appropriate here since Epiphany is a web browser powered by WebKitGTK trying to do similar things as Chromium or Safari.

Without the browser sandbox connection, I get systemd journal errors like this (and the app won’t load any webpages):

kernel: audit: type=1400 audit(): apparmor="DENIED" operation="mknod"
 profile="snap.epiphany.epiphany" name="/dev/shm/WK2SharedMemory.1582825031"
 pid=12647 comm="WebKitWebProces" requested_mask="c" denied_mask="c"

I have updated my snap to use https://github.com/sergiusens/snapcraft-preload instead of the browser sandbox. That fixes the /dev/shm issue.

Epiphany was approved.

Great! I was going to ask if that would help since webkit doesn’t use the same internal sandboxing mechanisms as the chromium content api and firefox.

Installed! I recently started using Epiphany - so great timing!

Hey @jbicha Where would you prefer to broker questions regarding the snap? New thread or here? For example the snap completely ignores the system theme, etc.

Sure, we’ll take questions here for now.

What theme are you trying to use?

In this case it is Qogir-dark (From Ubuntu Budgie). Is suspect that the snap is using the common-themes snap. I had opened an issue on that to see if I could get this theme in. But I mostly wanted to confirm that is the case with you (that the snap is using the common themes component).

Thank you in advance!

Is that Ubuntu Budgie’s default theme?

Yes, only themes in common-themes work for Snaps at this time. Personally, I just use Yaru (most of the time) or Adwaita.

Firefox Sync does not work because Apparmour blocks access to gnome-keyring.

Please file a bug for that on Launchpad and add the snap tag.

We might not want to grant the snap access to the gnome-keyring.