I’m thinking this is a bug, but not sure where to file it, so starting a discussion here to canvas developer opinion and figure out where to put it.
Someone sent me a zip file containing lots of files where the default app to open them was a snap. In this case it was a browser, but could be svg files opening with inkscape or xcf files opening with the gimp, the issue is the same.
I opened the zip file using file roller (the default on Ubuntu 16.04) and then double clicked one of the files in the zip. File roller unpacked that file to
~/.cache/fr-<somename>/folder/filename.ext and then launched the snap to open it.
The snapped application has no access to
~/.cache so just spat an error at me.
Where’s the bug here? The
home interface blocks access to files in dot-folders in home, so it could be the
home interface could be changed to allow this? Will portals fix this? Something in snapd? Who owns this bug?
@attache gives @popey a coffee to consider ramifications.
file-roller is unconfined and written without application-isolation in mind, so it uses the cache directory for the session, ie ~/.cache, which is unavailable to the snap. For a snap to use it, it would need to be unpacked to an area that the snap also has access to, such as ~/snap/$SNAP/$SNAP_REVISION/.cache, ~/Downloads/file-roller/cache (if the snap plugs ‘home’), etc. This is really about lack of coordination/missing feature IMHO rather than a bug, per se.
This could be solved in various ways, but the main point is there needs to be some coordination between file-roller and the snap handler. One idea would be for file-roller to notice that the mime-handler is provided by a snap and to unpack the files handled by the snap into the snap’s SNAP_USER_DATA/.cache. This requires changes to file-roller.
To solve this generically would need design. I can imagine a situation where an unmodified file-roller/any application like file-roller calls the handler-provided-as-a-snap, and that snap notices that the file is outside of its confinement, so it talks to an external trusted helper to prompt the user for access (could be portals, could be the future apparmor ‘prompt’ rule, etc). This does not require changes to file-roller, but does require changes to the system and may require changes to the handler.