Hi there, the KeePassXC snap works perfectly fine but it shows the opened file as a /run/ path:
If you select a key file, it would also show as a /run/ path:
Why is that the case? Thanks
Hi there, the KeePassXC snap works perfectly fine but it shows the opened file as a /run/ path:
If you select a key file, it would also show as a /run/ path:
Why is that the case? Thanks
It’s the interaction of the file picker, which is actually an XDG Desktop Portal, which has to handle the snap being in a sandbox. When it detects a file that it thinks the Snap can’t access directly, it does some magic to rewrite the file as if it were in /run/user/
, which isn’t blocked by the snap permissions. In sorts, it’s like a symbolic link with more magic on top.
Seeing this as a string isn’t unusual and the Flatpak will operate the same way (although may do it in different circumstances). I’m not sure there’s really a solution for this aside from the UI not showing the file path, however from its perspective, that absolutely is the right filepath. The sandboxing is supposed to help prevent information leaking to some degree and this is a minor aspect of that.
You’d ideally find the real path is returned if:
home
interface is connected (it is by default) and you’re using $HOME
for your database storage, except for top level hidden folders which are blocked.removable-media
interface is connected (it isn’t by default) and you’re using /mount
or /media
for your database storage.In any other situation, the /run
path is a technical necessity, but isn’t a problem unless the underlying storage is misplaying with the portals.
In any case, the long story short is, this is a shared implementation between Snap/Flatpak and the reason is essentially “Sandboxing”. If it’s reliable for you, don’t worry about it. But I do encourage some basic testing, as when I used it on GVFS with Google Drive as a backend, the portals would regularly lose track of the filename (the real file, not the /run
path!) and cause drama for me personally, and the only answer was to avoid the Google Drive backend in Gnome (leading me ultimately down a traitorous path of using Bitwarden!)