I looked into this today. Extending nautilus can be done in one of two ways:
- nautilus scripts (typically installed in ~/.local/share/nautilus/scripts). These are executed by nautilus.
- nautilus extensions (often installed in /usr/lib/@{multiarch}/nautilus/extensions-). These are .so files that run within the context of nautilus itself
Scripts could be handled via personal-files immediately, but they would execute outside of confinement unless the developer used ‘snap run’ within the script that was installed in the nautilus scripts directory. Instead, the script should be declared to snapd in some manner, then userd could write out a wrapper in the nautilus scripts directory that calls snap run (or an appropriate system wide directory via snapd). Nautilus scripts can therefore be relatively easily supported as strict mode snaps.
Since, nautilus extensions are .so files that run within the context of nautilus, they are similar to GNOME shell extensions in that the extension must work with a supported nautilus extension version and provide sandbox escape since they run outside of confinement (note, GNOME shell extensions are not supported and not candidates for classic). I suspect that the extension version is less of a problem since it only seems to be tied to the nautilus major version, but examining a running nautilus with an extension installed via deb (nautilus-gtkhash) shows that, indeed, nautilus loads the extension into its address space and doesn’t use any sort of a fork/exec’d helper, etc that we could leverage to run the extension under strict confinement. There is an open issue in gitlab for shipping nautilus extensions as flatpaks: https://gitlab.gnome.org/GNOME/nautilus/issues/476, but there is no movement. Snapd and flatpak would require similar mechanisms from nautilus for shipping as snaps or flatpks, so the first steps would be for interested parties to participate in that issue and create a solution that works for both flatpak and snapd.
@pedronis and I discussed this issue in Vancouver and came to the conclusion that so long as there was a path forward to strict confinement, nautilus extensions could be temporarily shipped as snaps with classic confinement. While there is a path forward for nautilus scripts, there is not for nautilus extensions and as such nautilus extensions are not candidates for classic at this time since nautilus itself needs to be rearchitected to support launching extensions under a different security context.