Using xdg-open from snap

Gustavo Niemeyer gustavo.niemeyer at canonical.com
Wed Sep 21 11:18:41 UTC 2016


That was a good explanation indeed, thanks John.

Can we do something better than just recommend it on classic?  The feature
is common enough that this should be a requirement, I think.

The problem then is how to drop the package when building the Ubuntu Core
image.

On Wed, Sep 21, 2016 at 5:39 AM, John Lenton <john.lenton at canonical.com>
wrote:

> Eloy, Spencer, Otfried,
>
> The xdg-open we ship in /usr/local in the snap-core snap failing like
> that is a bug; it seems we weren't covering this use case in our
> tests.
>
> jdstrand has now addressed this, and although with his fix right now
> you'll need to ask for the unity7 interface it is expected to grow
> into a more fine-grained interface at some point, it was put there to
> unblock people (i.e. you). We expect this fix to be part of the 2.15
> release, but it might slip to 2.16.
>
> This is not the whole story, however. You'll also need the
> snapd-xdg-open package (or a dbus service providing OpenURL on the
> com.canonical.SafeLauncher interfacee) in your classic system. You can
> install that in yakkety, or get it from -proposed for xenial
> (https://launchpad.net/ubuntu/+source/snapd-xdg-open), or get the
> source from https://github.com/snapcore/snapd-xdg-open. As soon as it
> gets out of -proposed and into -updates we'll have snapd recommend it,
> but this might not be ready for 2.15.
>
> On 21 September 2016 at 08:18, Eloy García (PC Actual)
> <eloy.garcia.pca at gmail.com> wrote:
> > Hi all.
> >
> > I have the same problem in my snap java-based application. I use xdg-open
> > command to launch the default browser so, it would be great a solution :)
> >
> > Best,
> >
> > Eloy
> >
> > 2016-09-20 15:46 GMT+02:00 Spencer Parkin <spencertparkin at gmail.com>:
> >>
> >> This is related to a question I had as well.  I have a program that uses
> >> wxLaunchDefaultBrowser which, looking at its implementation, tries to
> make
> >> the system call "exec()" to launch the default browser with a URL.
> >>
> >> If snap programs are not allowed to start other processes, that's fine;
> >> but if enough people need to launch the default browser with a URL,
> then I'm
> >> sure a secure solution just for this could somehow be implemented for
> snaps.
> >>
> >> I gather that one design goal of snaps, however, is the ability for
> people
> >> to write programs for any environment, but also have them work as snaps
> so
> >> that the programmer doesn't have to write snap-specific code, or make
> >> snap-specific considerations in their code.  In other words, your code
> >> should be "none-the-wiser" that it is running in the confined area.
> >>
> >> So with that in mind, I'm not sure how to solve the problem.  Any secure
> >> API exposed to snap applications already breaks the above design goal.
> >>
> >> Of course, it's not unreasonable for my program to have "#ifdef WIN32"
> or
> >> "#ifdef UNIX", and in the latter case, I may be looking to utilize
> something
> >> in a standard unix environment which, I believe, is synthesized in
> Unbuntu
> >> Core.  That's where I believe the snap environment can intercept what an
> >> application is doing and provide a secure solution, and this may be the
> >> "xdg-open" thing Otfried was talking about.
> >>
> >>
> >> On Mon, Sep 19, 2016 at 2:37 AM, Otfried Cheong <
> otfried at ipe.airpost.net>
> >> wrote:
> >>>
> >>> Hello,
> >>>
> >>> my app has a manual in html.  I normally show this using "xdg-open
> >>> <url>", but from the snap this results in "xdg-open: Permission
> denied",
> >>> leaving this log:
> >>>
> >>> [21249.231634] audit: type=1400 audit(1474273861.873:383):
> >>> apparmor="DENIED" operation="exec" profile="snap.ipe.sh"
> >>> name="/usr/local/bin/xdg-open" pid=9551 comm="sh" requested_mask="x"
> >>> denied_mask="x" fsuid=1000 ouid=0
> >>>
> >>> According to
> >>> https://lists.ubuntu.com/archives/snapcraft/2016-September/001048.html
> >>> this should work.
> >>> I did refresh ubuntu-core from the beta channel and currently have
> >>> revision 636 of ubuntu-core.
> >>>
> >>>
> >>> Slightly related:  If I understand
> >>> https://lists.ubuntu.com/archives/snapcraft/2016-September/001118.html
> >>> correctly, the host filesystem should be exposed to the snap as
> >>> /var/lib/snapd/hostfs in devmode?    It isn't on my system.
> >>>
> >>> Cheers,
> >>>  Otfried
> >>>
> >>>
> >>> --
> >>> Snapcraft mailing list
> >>> Snapcraft at lists.snapcraft.io
> >>> Modify settings or unsubscribe at:
> >>> https://lists.ubuntu.com/mailman/listinfo/snapcraft
> >>
> >>
> >>
> >> --
> >> Snapcraft mailing list
> >> Snapcraft at lists.snapcraft.io
> >> Modify settings or unsubscribe at:
> >> https://lists.ubuntu.com/mailman/listinfo/snapcraft
> >>
> >
> >
> >
> > --
> > Eloy García Almadén
> >
> > --
> > Snapcraft mailing list
> > Snapcraft at lists.snapcraft.io
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/snapcraft
> >
>
> --
> Snapcraft mailing list
> Snapcraft at lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm
> an/listinfo/snapcraft
>



-- 
gustavo @ http://niemeyer.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20160921/a2e02e65/attachment.html>


More information about the Snapcraft mailing list